Classification of major incidents

This is a placeholder-page for the full legal text of the regulatory technical standard (RTS) on classification of major incidents, supplementing DORA. It was submitted by the ESAs to the European Commission in January 2024 as mandated by Article 18(3) of DORA. It is expected to become applicable on 17 January 2025 along with DORA.

Until we publish the full legal text here, please find the draft RTS on ESMA’s web page or the adopted regulation on the EC’s web page..

The RTS on classification of major incidents specifies the criteria for the classification of ICT-related incidents or operational or security payment-related (”OSP-related”) incidents, materiality thresholds for major incidents and significant cyber threats.