Compliance · CSSF circular

CSSF Circular 20/750 on ICT and security risk management requirements.

The CSSF foundation for ICT risk and information security management in the financial sector.

Who is concerned?

This circular is broken down into 4 sections analysed one by one, each with the official text and Luxgap practical guidance for compliance in Luxembourg.

Key obligations

Luxgap supports CSSF-supervised entities (banks, PFS, payment and e-money institutions, management companies, funds) in complying with this circular: gap analysis, policy and register updates, CSSF inspection readiness, and alignment with the DORA Regulation and the NIS 2 framework where relevant.

Deadlines

See the official CSSF text for precise application dates. Most recent ICT circulars tie in with the DORA Regulation, which has applied since 17 January 2025.

Sanctions for non-compliance

Non-compliance exposes entities to CSSF administrative sanctions: injunctions, pecuniary sanctions, restrictions or suspension of authorisation.

How Luxgap helps

Let's set up your CSSF compliance.

Configure a quote for a compliance audit on this circular. Reply within one business day.
