The Guidelines set out the criteria, thresholds and methodology to be used by payment service providers in order to determine whether an operational or security incident should be considered major and, therefore, be notified to the competent authority in the home Member State. In developing the Guidelines, the EBA and ECB  have built on the experience across national jurisdictions and authorities and assessed existing similar practices for incident reporting.
	More specifically, these Guidelines provide the template that payment service providers are required to use for this notification and the reports they have to send during the lifecycle of the incident, including the time frame to do so. The Guidelines also establish a set of criteria that competent authorities have to use as primary indicators when assessing the relevance of a major operational or security incident to other domestic authorities in the context of the PSD2. Moreover, they detail the minimum information that competent authorities should share with these domestic authorities when an incident is considered of relevance for the latter.
	Following the analysis of the 43 responses received during the public consultation, the EBA has made some amendments to the Guidelines. In particular, it has further defined the criteria, reviewed one of the thresholds, extended the deadline for the first report, streamlined the amount of information to be provided at that stage, and generally clarified the information to be provided in each of the reports.
	The Guidelines will apply from 13 January 2018.
	Press release
	Guidelines
      
      
      
      
        © EBA
     
      
      
      
      
      
      Key
      
 Hover over the blue highlighted
        text to view the acronym meaning
      

Hover
        over these icons for more information
      
      
 
     
    
    
      
      Comments:
      
      No Comments for this Article