Search Results for “Information security”

CSSF circular

Published on 09.04.2025

Circular CSSF 25/881

amending Circular CSSF 20/750 on requirements regarding information and communication technology (ICT) and security risk management

PDF (380.9Kb)

CSSF regulation

Published on 05.01.2024

CSSF Regulation No 24-01 of 5 January 2024

relating to the notification of incidents according to the Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the European Union.

Lien

PDF (49.76Kb)

Law

Published on 31.05.2019

Law of 28 May 2019

Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the European Union and amending

1° the Law of 20 April 2009 establishing a Government IT Centre, as amended; and
2° the Law of 23 July 2016 establishing a High Commission for National Protection.

Lien

PDF (198.07Kb)

EU regulation

Published on 31.01.2018

Commission Implementing Regulation (EU) 2018/151 of 30 January 2018

laying down rules for application of Directive (EU) 2016/1148 of the European Parliament and of the Council as regards further specification of the elements to be taken into account by digital service providers for managing the risks posed to the security of network and information systems and of the parameters for determining whether an incident has a substantial impact

Lien

Link

CSSF circular

Published on 29.12.2022

Circular CSSF 22/828

Amendment of Circular CSSF 20/750 on requirements regarding information and communication (ICT) and security risk management

PDF (112.73Kb)

PDF (115.03Kb)

CSSF circular

Updated on 09.04.2025 - Published on 25.08.2020

Circular CSSF 20/750 (as amended by Circulars CSSF 22/828 and 25/881) (French version being updated)

Requirements regarding information and communication technology (ICT) and security risk management

PDF (239.88Kb)

CSSF regulation

Published on 20.07.2020

CSSF Regulation No 20-04 of 15 July 2020 (only in French)

on the definition of essential services according to the Law of 28 May 2019 transposing Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the European Union

Lien

Press release

Archived since 08.01.2024 - Published on 20.10.2021

Publication of a new CSSF Circular on the obligation to notify in the case of IT outsourcing

Press release 21/25

In response to the continuing development of material IT outsourcing, the Commission de Surveillance du Secteur Financier (CSSF) simplifies its procedures for prior provision of information in this respect through Circular CSSF 21/785.

Page

Communiqué

Published on 01.04.2025

DORA – Submission timeframe for register of information – eDesk Portal open as of 1 April 2025

Page

Communiqué

Published on 09.04.2025

Update of several CSSF circulars related to ICT risk management and use of ICT third parties / ICT outsourcing

Page

CSSF circular

Published on 31.03.2022

Circular CSSF 22/804

Update of Circular CSSF 21/769 on governance and security requirements for Supervised Entities to perform tasks or activities through telework

PDF (473.49Kb)

PDF (432.22Kb)

CSSF circular

Updated on 31.03.2022 - Published on 09.04.2021

Circular CSSF 21/769 (as amended by Circular CSSF 22/804)

Governance and security requirements for supervised entities to perform tasks or activities through telework

PDF (314.75Kb)

PDF (295Kb)

Technical document

Published on 07.04.2025

Register of information: summary tables

PDF (61.47Kb)

ITS

Published on 02.12.2024

Commission Implementing Regulation (EU) 2024/2956 of 29 November 2024

laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to standard templates for the register of information

Lien

Link

Communiqué

Published on 09.04.2025

Definition of “ICT services” under DORA | New forms for ICT-third party arrangements / ICT outsourcing arrangements

Page

CSSF circular

Published on 09.04.2025

Circular CSSF 25/883

amending Circular CSSF 22/806 on outsourcing arrangements

PDF (827.56Kb)

CSSF circular

Published on 09.04.2025

Circular CSSF 25/882

on requirements on the use of ICT third-party services for Financial Entities subject to the Digital Operational Resilience Act (DORA)

PDF (261.02Kb)

CSSF circular

Published on 09.04.2025

Circular CSSF 25/880

on relationship management of payment service users and PSP ICT assessment

PDF (132.54Kb)

Communiqué

Published on 17.04.2024

Voluntary dry run exercise for the collection of the registers of information required by DORA

Page

Published on 09.04.2025

Digital Operational Resilience Act (DORA) (being reviewed)

Page

Name	Description	Duration
cssf_cookies	Saves information regarding the user's consent to the use of cookies for each optional category.	1 year
ROUTEID	Technical cookie allowing load distribution.	Deleted when the browsing session ends
TBMCookie*	Security: This cookies protects the website against automated attacks.	Deleted when the browsing session ends
__utmvc	These first party cookies are set by a third party service to filter out malicious requests.	Deleted when the browsing session ends
__utmvm*	These first party cookies are set by a third party service to filter out malicious requests.	15 minutes

Name	Description	Duration
cssf_profile	This cookie adapts the website pages to the profile chosen by the visitor (professionals, markets, consumers).	1 year
pll_language	This cookie saves the user’s language choice.	1 year

Name	Description	Duration
_pk_id.#	Collects anonymous statistical data on the website consultations, such as the number of visits or the average time spent on the website. The data is processed in-house and is not shared with a third party.	1 year
_pk_ses.#	Collects anonymous statistical data for the tracking of the pages consulted during the browsing session. The data is processed in-house and is not shared with a third party.	30 minutes

Search Results for Information security

Advanced filters

108 Result(s)

Circular CSSF 25/881

CSSF Regulation No 24-01 of 5 January 2024

Law of 28 May 2019

Commission Implementing Regulation (EU) 2018/151 of 30 January 2018

Circular CSSF 22/828

Circular CSSF 20/750 (as amended by Circulars CSSF 22/828 and 25/881) (French version being updated)

CSSF Regulation No 20-04 of 15 July 2020 (only in French)

Publication of a new CSSF Circular on the obligation to notify in the case of IT outsourcing

DORA – Submission timeframe for register of information – eDesk Portal open as of 1 April 2025

Update of several CSSF circulars related to ICT risk management and use of ICT third parties / ICT outsourcing

Circular CSSF 22/804

Circular CSSF 21/769 (as amended by Circular CSSF 22/804)

Register of information: summary tables

Commission Implementing Regulation (EU) 2024/2956 of 29 November 2024

Definition of “ICT services” under DORA | New forms for ICT-third party arrangements / ICT outsourcing arrangements

Circular CSSF 25/883

Circular CSSF 25/882

Circular CSSF 25/880

Voluntary dry run exercise for the collection of the registers of information required by DORA

Digital Operational Resilience Act (DORA) (being reviewed)