DORA-Art18-P1

Article
18 (1)
Pillar
ICT Incident Detection & Reporting
Regulation Ref
Regulation (EU) 2022/2554, Article 18(1)
Last Reviewed
2026-01-15

Financial entities shall classify ICT-related incidents and shall determine their impact on the basis of criteria including the number of clients affected, the duration, the geographical spread, the data losses, the criticality of services affected and the economic impact.

Evidence Profiles

ICT Incident Classification Taxonomy PARTIAL

Structured JSON taxonomy defining incident classification criteria including severity levels, impact dimensions (clients affected, duration, geographical spread, data losses, criticality of services, economic impact) as required by DORA Article 18.

Formats
JSON
Evidence Class
incident-classification-taxonomy
Availability
PARTIAL
Update Frequency
annual
Typical Author
Incident Manager
Approval Chain
Incident Manager → CISO

Content Sections

Expected Fields

Common Quality Issues

ICT Incident Impact Assessment Template PARTIAL

Template document for assessing the impact of ICT-related incidents across the six DORA-defined dimensions: clients affected, duration, geographical spread, data losses, criticality of services, and economic impact.

Formats
DOCX
Evidence Class
incident-impact-assessment
Availability
PARTIAL
Update Frequency
event-driven
Typical Author
Incident Manager
Approval Chain
Incident Manager → CISO → CRO

Content Sections

Expected Fields

Common Quality Issues

Fact Schemas

incident_classification_taxonomy_status

Schema ID
fs-incident-classification-taxonomy
Control
DORA-Art18-P1

Valid Ranges

effective_date
within last 18 months
severity_levels_count
typically 3-5 levels
impact_dimensions_covered
all 6 DORA dimensions for full compliance

Related Schemas

JSON Schema

{
  "properties": {
    "aligned_with_esa_rts": {
      "type": "boolean"
    },
    "covers_all_impact_dimensions": {
      "type": "boolean"
    },
    "effective_date": {
      "format": "date",
      "type": "string"
    },
    "has_major_incident_thresholds": {
      "type": "boolean"
    },
    "impact_dimensions_covered": {
      "items": {
        "enum": [
          "clients_affected",
          "duration",
          "geographical_spread",
          "data_losses",
          "service_criticality",
          "economic_impact"
        ],
        "type": "string"
      },
      "type": "array"
    },
    "severity_levels_count": {
      "minimum": 2,
      "type": "integer"
    },
    "taxonomy_version": {
      "minLength": 1,
      "type": "string"
    }
  },
  "required": [
    "taxonomy_version",
    "effective_date",
    "severity_levels_count",
    "has_major_incident_thresholds",
    "covers_all_impact_dimensions"
  ],
  "type": "object"
}

incident_impact_assessment

Schema ID
fs-incident-impact-assessment
Control
DORA-Art18-P1

Valid Ranges

severity_classification
based on taxonomy thresholds
clients_affected_count
major if exceeding institution-specific threshold

Related Schemas

JSON Schema

{
  "properties": {
    "assessment_date": {
      "format": "date",
      "type": "string"
    },
    "clients_affected_count": {
      "minimum": 0,
      "type": "integer"
    },
    "critical_services_impacted": {
      "minimum": 0,
      "type": "integer"
    },
    "data_records_affected": {
      "minimum": 0,
      "type": "integer"
    },
    "duration_hours": {
      "minimum": 0,
      "type": "number"
    },
    "estimated_financial_impact_eur": {
      "minimum": 0,
      "type": "number"
    },
    "geographical_regions_affected": {
      "minimum": 0,
      "type": "integer"
    },
    "incident_id": {
      "minLength": 1,
      "type": "string"
    },
    "is_major_incident": {
      "type": "boolean"
    },
    "severity_classification": {
      "enum": [
        "low",
        "medium",
        "high",
        "critical"
      ],
      "type": "string"
    }
  },
  "required": [
    "incident_id",
    "assessment_date",
    "severity_classification",
    "clients_affected_count",
    "duration_hours"
  ],
  "type": "object"
}