New guidelines on major incident reporting under PSD2
The European Banking Authority (EBA) published its final revised Guidelines on major incident reporting under the Payment Service Directive (PSD2). The aim of new guidelines is mainly to optimise the reporting process, simplify the templates, and to shift focus to incidents with significant impact on payment service providers (PSPs). The above actions applied will result in reducing the reporting burden for PSPs.
The new guidelines introduce:
- changes to some of the original classification criteria,
- a new criterion on the breach of security of network or information systems, that will focus on malicious actions that have compromised network or information systems related to the provision of payment services,
- additional time for submitting reports,
- simplified reporting templates.
These changes are estimated to result in a reduction of the reportable incidents by more than 10% and to facilitate PSPs in their reporting of major incidents.
The Guidelines will apply as of 1 January 2022 and are available on the link below.