EIOPA2025 Report on major ICT-related incidents Joint-ESA report under Article 22 of DORA / EIOPA. — Brussels : EIOPA, 202621 p.List of Figures -- Abbreviations -- Executive Summary -- Introduction -- Methodology -- Overview of major incidents in the EU -- Conclusions. — Sumario: This joint ESAs report provides an anonymised, aggregated overview of major ICT-related incidents reported in 2025 under DORA Article 22. A total of 3,383 incidents were notified, mostly in the credit and payments sectors. One third had cross-border impact, reflecting strong interconnections, shared infrastructures and third-party dependencies. System failures and external events were the predominant drivers; about 29% originated at third-party providers. Cybersecurity incidents represented a smaller share, suggesting safeguards and detection measures are effective, though vigilance is needed. Most incidents had limited impact on clients, transactions and financial counterparties, pointing to timely detection and effective containment. The report discusses classification criteria, root causes, impacts, remedial actions, costs, and highlights selected cross-border events (e.g., TARGET services outage; Iberian Peninsula blackout). It also notes data quality and reporting divergences in this first DORA year and outlines steps to improve supervisory convergence and data collection1. Unión Europea. 2. Reglamento DORA. 3. Riesgo informático. 4. Supervisión financiera. 5. Externalización de servicios. 6. Unión Europea. I. Título.
