[stock-market-ticker symbols="FB;BABA;AMZN;AXP;AAPL;DBD;EEFT;GTO.AS;ING.PA;MA;MGI;NPSNY;NCR;PYPL;005930.KS;SQ;HO.PA;V;WDI.DE;WU;WP" width="100%" palette="financial-light"]

European Supervisory Authorities launch joint consultation on second batch of policy mandates under the Digital Operational Resilience Act

11 decembrie 2023

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) launched a public consultation on the second batch of policy mandates under the Digital Operational Resilience Act (DORA). Today’s package includes four draft regulatory technical standards (RTS), one set of draft implementing technical standards (ITS) and two sets of guidelines (GL).

These policy instruments aim to ensure a consistent and harmonised legal framework in the areas of major ICT-related incident reporting, digital operational resilience testing, ICT third-party risk management and oversight over critical ICT third-party providers. The consultation runs until 4 March 2024.

Through DORA the ESAs are mandated to jointly develop a total of 13 policy instruments, presented in two batches. This second batch comprises the following:

. RTS and ITS on content, timelines and templates on incident reporting

. GL on aggregated costs and losses from major incidents

. RTS on subcontracting of critical or important functions

. RTS on oversight harmonisation

. GL on oversight cooperation between ESAs and competent authorities

. RTS on threat-led penetration testing (TLPT)

Further information on the draft policy products can be found in the introductory note.

Consultation process

Comments on this consultation can be sent to the ESAs via the consultation pages:

Consultation on Joint draft technical standards on major incident reporting

Consultation on Joint draft Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents

Consultation on Joint draft RTS on subcontracting ICT services supporting critical or important functions

Consultation on Joint draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities

Consultation on Joint draft guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities

Consultation on Joint draft RTS specifying elements related to threat led penetration tests 

Please note that the deadline for the submission for comments is 4 March 2024. All contributions received will be published following the end of the consultation, unless requested otherwise.

A public hearing will be organised in the form of a webinar on 23 January 2024 from 09:00 to 18:00 CET. The ESAs invite interested stakeholders to register using the Registration form by 16:00 CET on 19 January 2023. ​The dial-in details will be communicated to the registered participants in due time. 

Legal basis, background and next steps

DORA, which entered into force on 16 January 2023 and will apply from 17 January 2025, aims to enhance the digital operational resilience of entities across the EU financial sector and to further harmonise key digital operational resilience requirements for all EU financial entities.

The ESAs expect to submit the draft technical standards to the European Commission and issue the guidelines by 17 July 2024. 

__________

DOCUMENTS

Introductory note

Consultation paper on Joint draft RTS on subcontracting ICT services supporting critical or important functions

Consultation paper on Joint draft Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents

Consultation on Joint draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities

Consultation paper on Joint draft technical standards on major incident reporting

Consultation paper on Joint draft guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities

Consultation paper on Joint draft RTS specifying elements related to threat led penetration tests

LINKS

Joint Technical Standards on major incident reporting

Joint Regulatory Technical Standards on subcontracting ICT services supporting critical or important functions

Joint Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents

Joint Regulatory Technical Standards on the harmonisation of conditions enabling the conduct of the oversight activities

Joint Regulatory Technical Standards specifying elements related to threat led penetration tests

Joint Guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities

Operational resilience

Noutăți
Cifra/Declaratia zilei

Anders Olofsson – former Head of Payments Finastra

Banking 4.0 – „how was the experience for you”

So many people are coming here to Bucharest, people that I see and interact on linkedin and now I get the change to meet them in person. It was like being to the Football World Cup but this was the World Cup on linkedin in payments and open banking.”

Many more interesting quotes in the video below:

Sondaj

In 23 septembrie 2019, BNR a anuntat infiintarea unui Fintech Innovation Hub pentru a sustine inovatia in domeniul serviciilor financiare si de plata. In acest sens, care credeti ca ar trebui sa fie urmatorul pas al bancii centrale?