LUX CAA DORA Incident Reporting

Updated on: May 2, 2025

Latest Event

  • Apr. 2025 Errors Update
  • On Apr. 29, 2025, LUX CAA issued note 25/6 re deadline to correct errors in files.
  • Recalls that per LC25/1 insurers and reinsurers had to sumbit data in specific formats; after receipt of ROI reports via SOFiE/E-File, LUX CAA sends feedback to insurance and reinsurance undertakings (via SOFiE/E-File).
  • Return Feedback Files (FBR) files indicate if LUX CAA received report, also if naming convention applied correctly (Delivery: Success) or not (Delivery: Failure!!!).
  • If failure, additional information provides indication of type of error (e.g. incorrect package structure, incorrect reference date, incorrect taxonomy version, etc.) that prevents validation and subsequent processing.
  • Next step is for systems to validate csv and json file package against DORA taxonomy; if possible, feedback file (FBX) is created and automatically returned via SOFiE/E-File.
  • As with S2 reports, entities expected to correct and resend ROI reports until no errors in FBX file but unfortunately, some csv and json file packages contain technical errors that prevent creation of a feedback FBX.
  • LUX CAA also forwards ROI reports received to ESAs and receives feedback from them; data received will be returned companies in form of validation feedback files (VFFs).
  • Unlike FBX validations, these are not limited to those in DORA taxonomy, go further, also include validations against LEI or EUID codes provided by supervised entities.
  • Insurance, reinsurance companies must correct ROI reporting post receipt of FBX and/or FBV feedback files, return corrected file via SOFiE/EFile by May 23, 2025 at the latest; most errors resulting in rejections by ESAs avoided guidelines followed.

On Jan. 14, LUX CAA published DORA reporting requirement circular.

  • LUX CAA published Circular Letter 25/1 on the Digital Operational Resilience Regulation (DORA), in relation to the notification of a major incident related to ICT technologies.
  • Notification Overview
  • In accordance with the requirements that are defined in the respective level 2 texts of the DORA regulation, all of the entities concerned are required to notify the LUX CAA from Jan. 17, 2025 of any major incident related to ICT technologies, that affect them.
  • Notifications must be made using a templates defined by and in accordance with the validation rules of European Supervisory Authorities (ESAs) as an annex to the circular.
  • Initially, the relevant entities concerned can either use the Excel template or notify the incident in JSON format, but in the medium term, the format to be used will be JSON.
  • From Mar. 2025, insurance and reinsurance companies are requested to transmit their notifications via one of usual SOFiE/E-File transmission channels for reporting to LUX CAA, however, by using a new defined reporting type DORA Incident Reporting (DIN).
  • LUX CAA has just added this option to its Naming conventions for reporting to the CAA.
  • These types of files will be used to transmit data from LUX CAA to the ESAs to include in the required central registers of information that will be maintained on incidents.
  • Apr. 2025 Errors Update
  • On Apr. 29, 2025, LUX CAA issued note 25/6 re deadline to correct errors in files.
  • Recalls that per LC25/1 insurers and reinsurers had to sumbit data in specific formats; after receipt of ROI reports via SOFiE/E-File, LUX CAA sends feedback to insurance and reinsurance undertakings (via SOFiE/E-File).
  • Return Feedback Files (FBR) files indicate if LUX CAA received report, also if naming convention applied correctly (Delivery: Success) or not (Delivery: Failure!!!).
  • If failure, additional information provides indication of type of error (e.g. incorrect package structure, incorrect reference date, incorrect taxonomy version, etc.) that prevents validation and subsequent processing.
  • Next step is for systems to validate csv and json file package against DORA taxonomy; if possible, feedback file (FBX) is created and automatically returned via SOFiE/E-File.
  • As with S2 reports, entities expected to correct and resend ROI reports until no errors in FBX file but unfortunately, some csv and json file packages contain technical errors that prevent creation of a feedback FBX.
  • LUX CAA also forwards ROI reports received to ESAs and receives feedback from them; data received will be returned companies in form of validation feedback files (VFFs).
  • Unlike FBX validations, these are not limited to those in DORA taxonomy, go further, also include validations against LEI or EUID codes provided by supervised entities.
  • Insurance, reinsurance companies must correct ROI reporting post receipt of FBX and/or FBV feedback files, return corrected file via SOFiE/EFile by May 23, 2025 at the latest; most errors resulting in rejections by ESAs avoided guidelines followed.
Regulators
LUX CAA
Entity Types
Ins
Reference
Nt 25/6, PR, 4/29/2025; Cir Lt 25/1, PR 1/14/2025; DORA Dir 2022/2556, Reg 2022/2554;
Functions
BCS; Compliance; Cyber; Legal; Reinsurance; Reporting; Risk; Technology
Countries
Luxembourg
Category
State
N/A
Products
Insurance
Rule Type
Final
Regions
EMEA
Rule Date
Jan 14, 2025
Effective Date
May 23, 2025
Rule ID
240324
Linked to
N/A
Reg. Last Update
Apr 29, 2025
Report Section
EU