EBA logo

EBA E-mail alert 6 February, 2026

Final Q&As

Question ID: 2025_7466

Topic
Other DORA topics
Subject matter
Public Authorities Exemption

Is the exemption for public authorities as quoted in recital 63 sentence 3 last half-sentence meant to be a general exemption for all public authorities as defined under art. 3 no. 65 DORA when providing ICT related services in the context of fulfilling State functions, or is the exemption limited to payment services and payment-related solutions?

Question ID: 2025_7539

Topic
ICT-related incidents (management / classification / reporting)
Subject matter
Types of "telephone services" included under the definition of "ICT services"

Which types of telephone services fall within the scope of the definition of "ICT services"? 

Question ID: 2025_7613

Topic
ICT-related incidents (management / classification / reporting)
Subject matter
Classification of phishing-attacks as a reportable major ICT-related incident

Can individual phishing incidents that target the customers of a financial entity in their “private sphere” be subsumed under “compromises the security of the network and information systems” pursuant to Article 3 No. 8 of Regulation (EU) 2022/2554 and can they therefore constitute a major ICT-related incident that must be reported pursuant to Article 19 (1) of Regulation (EU) 2022/2554? 

You can edit or cancel your subscription at any time. This is a test version of the newsletter.
Please do not reply to this message. If you have questions, please visit our contact page.
Please refer to EBA’s Legal notice regarding the handling of your personal data.
© European Banking Authority - https://www.eba.europa.eu