Compliance Library Blog Product Sign In
EU-DORA-19-10 Reporting 19 — Reporting of major ICT-related incidents and voluntary notification of significant cyber threats

Submit final report after root cause analysis completion

Description

Financial entities must submit a final report when root cause analysis is completed (regardless of mitigation implementation status) and when actual impact figures are available to replace estimates.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Sign In to View

Related Obligations

EU-DORA-19-01 Reporting

Report major ICT-related incidents to competent authority
EU-DORA-19-02 Reporting

Report major ICT incidents to ECB (significant credit institutions)
EU-DORA-19-03 Documentation

Produce initial notification and reports using templates
EU-DORA-19-04 Requirement

Use alternative notification means when template submission impossible
EU-DORA-19-05 Transparency

Include significance and cross-border impact information in reports
EU-DORA-19-06 Transparency

Inform clients about major ICT incidents without undue delay
EU-DORA-19-07 Transparency

Inform clients about protection measures for cyber threats
EU-DORA-19-08 Reporting

Submit initial notification within prescribed time limits
EU-DORA-19-09 Reporting

Submit intermediate reports upon status changes
EU-DORA-19-11 Requirement

Remain responsible for reporting when outsourcing to third party

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started