1. The ESAs, through the Joint Committee, and in consultation with the ECB and ENISA, shall prepare a joint report assessing the feasibility of further centralisation of incident reporting through the establishment of a single EU Hub for major ICT-related incident reporting by financial entities. The joint report shall explore ways to facilitate the flow of ICT-related incident reporting, reduce associated costs and underpin thematic analyses with a view to enhancing supervisory convergence.
2. The joint report referred to in paragraph 1 shall comprise at least the following elements:
| (a) | prerequisites for the establishment of a single EU Hub; |
| (b) | benefits, limitations and risks, including risks associated with the high concentration of sensitive information; |
| (c) | the necessary capability to ensure interoperability with regard to other relevant reporting schemes; |
| (d) | elements of operational management; |
| (e) | conditions of membership; |
| (f) | technical arrangements for financial entities and national competent authorities to access the single EU Hub; |
| (g) | a preliminary assessment of financial costs incurred by setting-up the operational platform supporting the single EU Hub, including the requisite expertise. |
3. The ESAs shall submit the report referred to in paragraph 1 to the European Parliament, to the Council and to the Commission by 17 January 2025.