ARTICLE
7 March 2025

DORA Rollout Update: CSSF Extends Weekend And Public Holiday Reporting Deadline For Luxembourg Financial Institutions

LS
Luther S.A.

Contributor

Leading business law firm Luther was established in Luxembourg in 2010. The firm’s multilingual professionals advise domestic and international clients across numerous practice areas, particularly Corporate/M&A, Banking and Finance, Dispute Resolution, Investment Management, Employment, and Real Estate. Our clients, ranging from multinational corporations, investment funds, financial institutions to private equity firms, have placed their trust in our interdisciplinary legal advice that aims to hit the mark. Luther employs over 420 lawyers and tax advisors and is present in ten German economic centers and has ten international offices in European and Asian financial centers.
The Digital Operational Resiliance Act (DORA) - a cornerstone regulatory framework in the financial sector enhancing cybersecurity practices and standards across the EU. On 28 February 2020...
Luxembourg Finance and Banking

Key objectives include:

1. Standardizing cybersecurity regulations: Ensuring consistent regulatory technical standards for cybersecurity across the EU

2. Protecting critical services: Safeguarding critical and essential services from potential vulnerabilities and cyberattacks

3. Incident reporting: Mandating the reporting of major ICT incidents to the competent national authority (CSSF in Luxembourg)

Reporting Obligations in Luxembourg

Luxembourg entities must report ICT incidents to the CSSF by 12 noon on the next working day if they occur on weekend days or public holidays (as specified in Article 5 of the RTS). However, some entities (material entities) with significant activities must report on the same day, regardless of whether it's a non-working day.

Update: Postponement of Material Entity Identification

The CSSF has announced a postponement of identifying material entities in Luxembourg until the full implementation of Directive (EU) 2022/2555 (NIS 2), which DORA and the RTS are based on. This means that financial actors in Luxembourg will need to wait for further guidance on reporting requirements.

What's Next?

As the transposition deadline for NIS 2 was set for 17th October 2024 and has already passed, there is an urgent need for action. Luxembourg is working on the implementation, and we expect new developments regarding the reporting requirements of the RTS under DORA very soon. Stay tuned for updates!

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More