Printable version

EBA Final Guidance on Security Incident Reporting

The European Banking Authority (EBA) has published the Final Guidelines on major incident reporting under the new Payment Services Directive (PSD2).

The Guidelines were developed in close cooperation with the European Central Bank (ECB), are addressed to all payment services providers and competent authorities in the 28 EU Member States, and contribute to the objective of the PSD2 of minimizing disruption to users, payment service providers and payment systems.

The Guidelines:

  • set out the criteria, thresholds and methodology for identifying a major security incident;
  • determine when such an incident must be notified to the competent authority in the home Member State; 
  • provide the template that payment service providers should use for notification;
  • set out reports which must be sent during the incident;
  • establish a set of criteria for competent authorities  to use when assessing the relevance of a major operational or security incident;
  • detail the minimum information that competent authorities should share with other domestic authorities.

The Guidelines will apply from 13 January 2018.

Channel website:

Share this article

Latest News from