The Liechtenstein Financial Market Authority has brought forward implementation of the European Union’s Digital Operational Resilience Act, making a new incident reporting form for serious ICT-related incidents available in its e-Service Portal from 1 February 2025. ICT-related incidents must be reported to the FMA when the applicable classification criteria under Commission Delegated Regulation (EU) 2024/1772 are met. The portal also supports voluntary reporting of significant cyber threats where a financial intermediary identifies a threat to the financial sector, other market participants or customers. Reports must be submitted using the European Supervisory Authorities’ Excel templates available via the e-Service and the FMA’s DORA webpage, provided in English and completable in German or English. The same form is to be used by financial intermediaries within scope of FMA Directive 2021/3 to report serious or disruptive ICT incidents under that directive, although DORA classification criteria and deadlines do not need to be met for those reports. The previous cyber-attack reporting form has been deactivated.
Liechtenstein Financial Market Authority2025-02-03
Liechtenstein Financial Market Authority advances implementation of DORA and introduces new e-Service Portal reporting for serious ICT incidents
The Liechtenstein Financial Market Authority has expedited the EU's Digital Operational Resilience Act, introducing a new incident reporting form for serious ICT-related incidents via its e-Service Portal from 1 February 2025. ICT incidents must be reported when they meet criteria under Commission Delegated Regulation (EU) 2024/1772, with voluntary reporting for significant cyber threats also supported. Reports should use the European Supervisory Authorities’ templates, available in English and completable in German or English.