Search Results for Information and communications technology (ICT)

Requirements regarding information and communication technology (ICT) and security risk management

Amendment of Circular CSSF 20/750 on requirements regarding information and communication (ICT) and security risk management

Press release 22/01

In light of the many questions surrounding Distributed Ledger Technology (DLT) and blockchain, the Commission de Surveillance du Secteur Financier (CSSF) is sharing its advice on assessing the risks when designing or implementing a project using DLT by publishing a white paper.

relating to the notification of incidents according to the Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the European Union.

Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the European Union and amending

1° the Law of 20 April 2009 establishing a Government IT Centre, as amended; and
2° the Law of 23 July 2016 establishing a High Commission for National Protection.

laying down rules for application of Directive (EU) 2016/1148 of the European Parliament and of the Council as regards further specification of the elements to be taken into account by digital service providers for managing the risks posed to the security of network and information systems and of the parameters for determining whether an incident has a substantial impact

on the definition of essential services according to the Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the European Union

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by specifying the criteria for the designation of ICT third-party service providers as critical for financial entities

supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council by determining the amount of the oversight fees to be charged by the Lead Overseer to critical ICT third-party service providers and the way in which those fees are to be paid

Version 2

New reporting requirements and procedure

User guide