EBA finalises PSD2 incident reporting guidelines

EBA has finalised and published its revised guidelines for major incident reporting under PSD2. PSD2 requires PSPs to report major operational or security incidents to their supervisors where those incidents are likely to have an adverse impact on the provision of payment services.

The new guidelines update some of the classification criteria and introduce a new criterion on breach of security of network or information systems.  EBA has also taken the opportunity to remove unnecessary steps from the reporting process and allowed more time for submitting reports.

The guidelines will apply from 1 January 2022.

Emma Radmore