Reminder regarding ICT-related incident reporting requirements

Supervised entities are strongly encouraged to thoroughly review the applicable provisions to ensure a clear and comprehensive understanding of the reporting obligations. This includes knowing which types of ICT-related incidents trigger mandatory notification, the specific thresholds that apply, the required timelines for submission and the proper procedures for reporting through the designated channels. While certain incidents may be publicly known or reported by the press, the CSSF emphasises that such public knowledge does not exempt supervised entities from their obligation to report these incidents. Supervised entities are expected to act in accordance with the established requirements without delay.