CSSF Circular 24/847 on the ICT-related incident reporting framework.
The CSSF ICT-incident reporting framework replacing 11/504, articulating DORA, the NIS Law and CSSF Regulation 24-01.
Who is concerned?
This circular is broken down into 4 sections analysed one by one, each with the official text and Luxgap practical guidance for compliance in Luxembourg.Key obligations
The CSSF ICT-incident reporting framework replacing 11/504, articulating DORA, the NIS Law and CSSF Regulation 24-01.
Luxgap supports CSSF-supervised entities (banks, PFS, payment and e-money institutions, management companies, funds) in complying with this circular: gap analysis, policy and register updates, CSSF inspection readiness, articulation with the DORA Regulation and the NIS 2 framework where relevant.
Deadlines
See the official CSSF text for precise application dates. Most recent ICT circulars articulate with the DORA Regulation, applicable since 17 January 2025.
Sanctions for non-compliance
Non-compliance exposes entities to CSSF administrative sanctions: injunctions, pecuniary sanctions, restrictions or suspension of authorisation.
How Luxgap helps
The CSSF ICT-incident reporting framework replacing 11/504, articulating DORA, the NIS Law and CSSF Regulation 24-01.
Luxgap supports CSSF-supervised entities (banks, PFS, payment and e-money institutions, management companies, funds) in complying with this circular: gap analysis, policy and register updates, CSSF inspection readiness, articulation with the DORA Regulation and the NIS 2 framework where relevant.
Let's set up your CSSF compliance.
Configure a quote for a compliance audit on this circular. Reply within one business day.
Build my quote →
