Recital 54

Payment-related incident reporting


This Regulation should require credit institutionsa credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013 of the European Parliament and of the Council, payment institutionsa payment institution as defined in Article 4, point (4), of Directive (EU) 2015/2366, account information service providersan account information service provider as referred to in Article 33(1) of Directive (EU) 2015/2366 and electronic money institutionsan electronic money institution as defined in Article 2, point (1), of Directive 2009/110/EC of the European Parliament and of the Council to report all operational or security payment-related incidentsa single event or a series of linked events unplanned by the financial entities referred to in Article 2(1), points (a) to (d), whether ICT-related or not, that has an adverse impact on the availability, authenticity, integrity or confidentiality of payment-related data, or on the payment-related services provided by the financial entity – previously reported under Directive (EU) 2015/2366 – irrespective of the ICT nature of the incident.