EBA repeals guidelines on major incident reporting under the revised Payment Services Directive

The European Banking Authority has announced that it has repealed its guidelines on major incident reporting under the revised Payment Services Directive due to the application of harmonized incident reporting under the Digital Operational Resilience Act. DORA introduced harmonized incident reporting requirements that apply to financial entities across the banking, securities/markets, insurance, and pensions sectors, including most payment service providers. DORA also disapplies the incident reporting requirements under PSD2 for those PSPs. As such, the EBA has repealed the guidelines to simplify the reporting of major incidents by PSPs and provide legal certainty to the market. The EBA reminds firms that incident reporting requirements under PSD2 still apply for other types of PSPs, such as post office giro institutions and credit unions, that are not covered by DORA. The EBA notes that those PSPs that are still subject to PSD2 incident reporting requirements may be subject to national incident reporting requirements, regardless of the existence of the EBA guidelines. Competent national authorities willing to retain the incident reporting approach included in the EBA guidelines for those PSPs can continue to do so under their national legal framework or supervisory measures.

Return to main website.