The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) launched a public consultation on the second batch of policy mandates under the Digital Operational Resilience Act (DORA). Today’s package includes four draft regulatory technical standards (RTS), one set of draft implementing technical standards (ITS) and two sets of guidelines (GL).
These policy instruments aim to ensure a consistent and harmonised legal framework in the areas of major ICT-related incident reporting, digital operational resilience testing, ICT third-party risk management and oversight over critical ICT third-party providers. The consultation runs until 4 March 2024.
Through DORA the ESAs are mandated to jointly develop a total of 13 policy instruments, presented in two batches. This second batch comprises the following:
. RTS and ITS on content, timelines and templates on incident reporting
. GL on aggregated costs and losses from major incidents
. RTS on subcontracting of critical or important functions
. RTS on oversight harmonisation
. GL on oversight cooperation between ESAs and competent authorities
. RTS on threat-led penetration testing (TLPT)
Further information on the draft policy products can be found in the introductory note.
Comments on this consultation can be sent to the ESAs via the consultation pages:
Consultation on Joint draft technical standards on major incident reporting
Consultation on Joint draft RTS specifying elements related to threat led penetration tests
Please note that the deadline for the submission for comments is 4 March 2024. All contributions received will be published following the end of the consultation, unless requested otherwise.
A public hearing will be organised in the form of a webinar on 23 January 2024 from 09:00 to 18:00 CET. The ESAs invite interested stakeholders to register using the Registration form by 16:00 CET on 19 January 2023. The dial-in details will be communicated to the registered participants in due time.
DORA, which entered into force on 16 January 2023 and will apply from 17 January 2025, aims to enhance the digital operational resilience of entities across the EU financial sector and to further harmonise key digital operational resilience requirements for all EU financial entities.
The ESAs expect to submit the draft technical standards to the European Commission and issue the guidelines by 17 July 2024.
__________
DOCUMENTS
Consultation paper on Joint draft technical standards on major incident reporting
Consultation paper on Joint draft RTS specifying elements related to threat led penetration tests
LINKS
Joint Technical Standards on major incident reporting
Joint Regulatory Technical Standards specifying elements related to threat led penetration tests
Banking 4.0 – „how was the experience for you”
„So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”
Many more interesting quotes in the video below: