Framework

CSSF Circulars (Luxembourg)

CSSF 22/806 outsourcing, 20/750 ICT risk, 24/847 ICT incidents — aligned to DORA but with Luxembourg specifics.

Owner: Compliance TeamLast reviewed: 2026-04-14

Scope in OneComply

  • /dashboard/cssf — circular mapping home.
  • /dashboard/cssf/circulars — structured reading view with control linkage.
  • Incident module — CSSF notification templates (2-hour, 24-hour, 72-hour).

Typical Workflow

  1. Review outsourcing arrangements against CSSF 22/806 Annex criteria.
  2. Classify material / critical outsourcings; ensure prior notification where required.
  3. Run the exit-strategy readiness check for critical providers.
  4. Configure CSSF incident reporting pathways alongside the DORA ones.

Continue reading

DORA (related)
CRA