10 September 2024
Share Print

Final report on the ESA's second batch of policy materials under DORA

To The Point
(3 min read)

The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have published the second batch of policy products under the Digital Operational Resilience Act. This batch consists of further regulatory technical standards and implementing technical standards and guidelines, all of which aim at enhancing the digital operational resilience of the EU’s financial sector.

On 17 July 2024, the Joint Committee of the European Supervisory Authorities (ESAs) published their second batch of policy materials under the Regulation on digital operational resilience for the financial sector ((EU) 2022/2554) (DORA), consisting of the following:

  • Final report on draft regulatory technical standards (RTS) and implementing technical standards (ITS) on the content, format, templates and timelines for reporting major information and communication technology (ICT) related incidents and significant cyber threats under Article 20 of DORA (JC 2024 33).
  • Final report on draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities under Article 41(1)(c) of DORA (JC 2024 54). These RTS relate to the criteria for determining the composition of the joint examination team (JET).
  • Final report on draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities under Article 41(1) of DORA (JC 2024 35).
  • Final report on draft RTS specifying elements related to threat-led penetration tests (TLPT) under Article 26(11) of DORA (JC 2024 29).
  • Final report on joint guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents under Article 11(11) of DORA (JC 2024 34).
  • Final report on joint guidelines on the oversight co-operation and information exchange between the ESAs and the competent authorities under Article 32(7) of DORA (JC 2024 36).

The guidelines have been adopted by the Boards of Supervisors of the three ESAs and the final draft technical standards have been submitted to the European Commission for adoption. The expected date of application of the technical standards and guidelines is 17 January 2025.

The ESAs state that the remaining RTS on subcontracting will be published in due course.

 

Next steps

If you would like to discuss anything raised in this article, feel free to contact our Financial Regulation team.

Don't miss out


Join our mailing list and receive the Top 3-5 UK-EU Banking and Investment Regulation updates you need to know about  

Subscribe