top of page

EBA repeals the Guidelines on major incident reporting under PSD2

  • Antonis Hadjicostas
  • Feb 17
  • 2 min read

Updated: Mar 17




🔔 Regulatory Alert _Relaxation!


🔊 Applicable to: Investment Firms, Insurance Companies, Financial Institutions


📢 Latest Update – Focus on DORA


The European Banking Authority (EBA) repealed its Guidelines on major incidents reporting under the Payment Services Directive (PSD2) due to the application of harmonised incident reporting under the Digital Operational Resilience Act (DORA) as from 17 January 2025.


Purpose & Goal of Repealing

DORA, applies since 17 January 2025 and introduced a set of harmonised incident reporting requirements that apply to financial entities across the banking, securities/markets, insurance and pensions sectors.


The repeal of the Guidelines aims at simplifying the reporting of major incidents by payment service providers (PSPs) and providing legal certainty to the market.


In that regard, to ensure legal clarity and certainty for the payment service providers covered by DORA, and to simplify the overall reporting of major incidents by PSPs, the EBA has decided to repeal its Guidelines on major incident reporting under PSD2 for entities covered by DORA.


Entities Covered by DORA: DORA applies to a wide range of financial entities, including:

  • Credit institutions

  • Payment institutions

  • Electronic money institutions

  • Account information service providers


It is important to note that incident reporting requirements under PSD2 still apply for other types of PSPs (e.g. post-office giro institutions and credit unions) that are not covered by DORA. Those PSPs that are still subject to incident reporting requirements under the PSD2 can be subject to national incident reporting requirements, regardless of the existence of the EBA Guidelines.


Competent authorities willing to retain the incident reporting approach included in the EBA Guidelines for those PSPs can continue to do so under their national legal framework or supervisory measures. 

.

⛔ Why it Matters:


Compliance and internal audit functions are designed to ensure that the internal control mechanisms to monitor, identify, measure, and mitigate any possible risks of non-compliance with the applicable rules are in place. Therefore, ensuring that the entities have robust internal controls is crucial to avoid investor detriment and preserve financial stability.

 
 

The material reflected in our website, including Blog material, is for informational purposes only and does not constitute legal advice, consulting, or any other professional advice. Please seek independent professional guidance for your specific needs.

All rights reserved. No part of this work may be reproduced, stored in a retrieval system of any nature, or transmitted, in any form or by any means including photocopying and recording, without the prior written permission of the ENAH Services Ltd. The reproduction or transmission of all or part of the work, whether by photocopying or storing in any medium by electronic means or otherwise without the written permission of the owner is strictly prohibited and the commission of any unauthorised act in relation to the work will result in civil and/or criminal actions. 

bottom of page