The three European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) have published a new batch of policy products under the Digital Operational Resilience Act (DORA).
The second batch consists of four final draft regulatory technical standards (RTS), a set of Implementing Technical Standards (ITS), as well as two guidelines. Together, the new batch of policy products aims to boost the digital operational resilience of the EU’s financial sector.
The ESAs published the following final draft technical standards:
RTS and ITS on the content, format, templates, and timelines for reporting major ICT-related incidents and significant cyber threats;
RTS on the harmonisation of conditions enabling the conduct of the oversight activities;
RTS specifying the criteria for determining the composition of the joint examination team;
RTS on threat-led penetration testing (TLPT).
The final drafts of the new technical standards and guidelines have already been adopted and submitted to the European Commission. The EC will now begin its review and is expected to adopt the new policy products in the upcoming months of 2024.
The Digital Operational Resilience Act is an EU regulation that entered into force in mid-January 2023 and will apply as of mid-January 2025. It aims to strengthen the IT security of financial entities, including banks, investment companies, and insurance companies, allowing Europe’s financial sector to remain stable, resilient, and safe in case of severe operational disruption.