Guidelines on ICT and security risk management

Status: Final and translated into the EU official languages

These draft Guidelines establish requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) risks and aim to ensure a consistent and robust approach across the Single market. Once into force, these Guidelines will replace those on security measures for operational and security risks (EBA GL/2017/17), which will then be repealed.

Summary of document history

Previous versions Current version Ongoing versions

Consultation on ICT and security risk management

Status: Closed
Deadline: 13 MARCH 2019

Documents

Final Guidelines on ICT and security risk management

(1.72 MB - PDF) Last update 13 December 2018

Download

Responses

The form is now closed.

Received responses to the EBA

See all responses

Public hearings

Public hearing on Guidelines on ICT and security risk management

Public hearing on Guidelines on ICT and security risk management

(1.4 MB - PDF) Last update 19 February 2019

Download

Press contacts

Franca Rosa Congiu

Organisation and governance

Legal and policy framework

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre