The Swedish Financial Supervisory Authority has announced that reporting of serious ICT-related incidents and cyber threats under the Digital Operational Resilience Act (DORA) will migrate to a new version from Monday 31 March. The current Excel-based reporting will be replaced by a JSON (.json) solution in Fidac. The new reporting remains under the “Event-driven” area in Fidac but is split into separate modules: DORA Incident Initial report, DORA Incident Intermediate report, DORA Incident Final report, and DORA Significant cyber threat. Incident reporting will start with the Initial report, continue with the Intermediate report and conclude with the Final report, with a unique reference code included in email notifications to link the reports for the same incident. A test environment is already available via Fidac Test Reporting, generating separate emails but using the same data structure and including the reference code; test reports are not forwarded, and live submissions must be made in Fidac. The Excel version will remain available for a short period before being removed.
Finansinspektionen 2025-03-20
Swedish Financial Supervisory Authority moves DORA incident and cyber threat reporting in Fidac from Excel to modular JSON from 31 March
The Swedish Financial Supervisory Authority will transition serious ICT-related incident and cyber threat reporting under the Digital Operational Resilience Act (DORA) to a JSON-based solution in Fidac starting 31 March. The new system includes modules for initial, intermediate, and final incident reports, and significant cyber threats, with unique reference codes linking related reports. A test environment is available, but live submissions must be made in Fidac, with the Excel version being phased out.