Changeflow GovPing Banking & Finance NBB Circular on ICT Incident Reporting and Cybe...
Priority review Guidance Added Final

NBB Circular on ICT Incident Reporting and Cyber Threat Notification Under DORA

Favicon for www.nbb.be National Bank of Belgium
Published
Detected
Email

Summary

The National Bank of Belgium issued Circular NBB_2026_04 establishing procedures for financial institutions to report major ICT-related incidents and voluntarily notify significant cyber threats under the Digital Operational Resilience Act (DORA). The circular applies to credit institutions, stockbroking firms, insurance and reinsurance companies, market infrastructures, payment institutions, e-money institutions, and institutions authorized to hold dematerialised securities. Affected entities must use NBB-specified procedures and timelines for incident reporting and may voluntarily submit notifications regarding significant cyber threats.

Published by NBB on nbb.be . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

About this source

GovPing monitors National Bank of Belgium for new banking & finance regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 6 changes logged to date.

View original document View source feed page

What changed

The NBB published Circular NBB202604 providing detailed guidance on the reporting of major ICT-related incidents and voluntary notification of significant cyber threats under the Digital Operational Resilience Act (DORA). The circular establishes the specific procedures, formats, and timelines that financial institutions must follow when reporting incidents to the NBB.\n\nFinancial institutions supervised by the NBB—including credit institutions, insurance companies, payment institutions, and market infrastructures—must implement compliant incident reporting processes aligned with this circular. Entities should review their current ICT incident response procedures, ensure staff are trained on reporting obligations, and establish mechanisms for both mandatory incident reporting and voluntary cyber threat notifications as specified by DORA requirements.

What to do next

  1. Review NBB_2026_04 incident reporting procedures and timelines
  2. Ensure ICT incident response plans align with DORA requirements
  3. Establish processes for voluntary cyber threat notifications to NBB

Archived snapshot

Apr 16, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Circular NBB202604 / Reporting of major ICT-related incidents and voluntary notification of significant cyber threats under DORA

Circulars and communications NBB202604 Publication date

2 Apr 2026 - 14:39

Area of responsiblity Supervision of financial institutions Sector Systemic financial institutions Credit institutions Stockbroking firms Insurance and reinsurance companies Market infrastructures Institutions authorised to hold dematerialised securities Payment institutions and e-money institutions Theme Miscellaneous Reporting Download pdf • 42.34 KB

Named provisions

Reporting of major ICT-related incidents Voluntary notification of significant cyber threats

Related changes

Favicon for www.nbb.be Allianz Risk Transfer AG Portfolio Cession to Allianz Global Corporate & Specialty SE
Routine Apr 22, 2026 National Bank of Belgium Banking & Finance

Get daily alerts for National Bank of Belgium

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.nbb.be
National Bank of Belgium nbb.be/en/activities/financial-supervision-and-resolution/cross-cutting-and-international-aspects/all-news
Banking & Finance

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from NBB.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
NBB
Published
April 2nd, 2026
Instrument
Guidance
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
NBB_2026_04

Who this affects

Applies to
Banks Insurers Financial advisers
Industry sector
5221 Commercial Banking
Activity scope
ICT incident reporting Cyber threat notification Operational resilience
Geographic scope
BE BE

Taxonomy

Primary area
Cybersecurity
Operational domain
Risk Management
Compliance frameworks
DORA
Topics
Banking Financial Services

Browse Categories

Agriculture & Food Safety 74 AI Regulation 3 Banking & Finance 422 Consumer Protection 90 Courts & Legal 412 Data Privacy & Cybersecurity 90 Defense & National Security 53 Education 60 Energy 101 Environment 155 Gaming 2 Government & Legislation 437 Healthcare 15 Healthcare & Life Sciences 380 Immigration 10 Insurance 80 Labor & Employment 146 Pharma & Drug Safety 21 Professional Licensing 8 Real Estate & Housing 79 Securities & Markets 156 Tax 79 Telecom & Technology 48 Trade & Sanctions 141 Transportation 91

Get alerts for this source

We'll email you when National Bank of Belgium publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!