Explore European Union Legislation by Asking a Legal Question
total 3
Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (Text with EEA relevance) article 95 CELEX: 02015L2366-20250117 Management of operational and security risks
1. Member States shall ensure that payment service providers establish a framework with appropriate mitigation measures and control mechanisms to manage the operational and security risks, relating to the payment services they provide. As part of that framework, payment service providers shall establish and maintain effective incident management procedures, including for the detection and classification of major operational and security incidents.
The first subparagraph is without prejudice to the application of Chapter II of Regulation (EU) 2022/2554 to:
(a) payment service providers referred to in points (a), (b) and (d) of Article 1(1) of this Directive;
(b) account information service providers referred to in Article 33(1) of this Directive;
(c) payment institutions exempted pursuant to Article 32(1) of this Directive; and
(d) electronic money institutions benefitting from a waiver as referred to in Article 9(1) of Directive 2009/110/EC.
2. Member States shall ensure that payment service providers provide to the competent authority on an annual basis, or at shorter intervals as determined by the competent authority, an updated and comprehensive assessment of the operational and security risks relating to the payment services they provide and on the adequacy of the mitigation measures and control mechanisms implemented in response to those risks.
3. By 13 July 2017, EBA shall, in close cooperation with the ECB and after consulting all relevant stakeholders, including those in the payment services market, reflecting all interests involved, issue guidelines in accordance with Article 16 of Regulation (EU) No 1093/2010 with regard to the establishment, implementation and monitoring of the security measures, including certification processes where relevant.
EBA shall, in close cooperation with the ECB, review the guidelines referred to in the first subparagraph on a regular basis and in any event at least every 2 years.
4. Taking into account experience acquired in the application of the guidelines referred to in paragraph 3, EBA shall, where requested to do so by the Commission as appropriate, develop draft regulatory technical standards on the criteria and on the conditions for establishment, and monitoring, of security measures.
Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.
5. EBA shall promote cooperation, including the sharing of information, in the area of operational and security risks associated with payment services among the competent authorities, and between the competent authorities and the ECB and, where relevant, the European Union Agency for Network and Information Security.