DORA in force - new event-related notification

03.02.25 Supervision and Regulation
The advance implementation of Regulation (EU) 2022/2554, the so-called Digital Operational Resilience Act (DORA), took place in Liechtenstein on February 1, 2025. A new incident-related report for serious ICT-related incidents is therefore available in the e-Service Portal.

An ICT-related incident must be reported to the FMA if the relevant classification criteria set out in the DelVO (EU) 2024/1772 establishing the criteria for the classification of ICT-related incidents and cyber threats, the materiality thresholds and the details of serious incident reports are met.

 

 

In addition, it is now also possible to voluntarily report significant cyber threats via the e-Service Portal if the financial intermediary identifies a threat to the financial sector, other market participants or customers, for example.

 

 

The Excel templates of the European Supervisory Authorities (ESAs), which appear in the e-Service and on the FMA's DORA website, must be used to submit the report. The template is provided in English. It can be completed in both German and English.

 

 

This form is now also to be used by financial intermediaries within the scope of the FMA Directive 2021/3 for reporting serious or disruptive ICT-related incidents in accordance with margin no. 140 of the same directive. However, it should be noted that the classification criteria and deadlines under DORA do not have to be met.

 

The form previously provided for reporting cyber-attacks has now been deactivated.

 

This content has been translated using a fully automated machine translation tool. Some content may not be accurately translated. More information.

Downloads

Search
  • Pages
  • News
  • Warnings
  • Assets
  • Publications
  • Events
  • Employees
  • Legal basis
  • Guidelines