ESAs establish framework to strengthen coordination in case of systemic cyber incidents

  • Press Release
  • 17 July 2024

The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) will establish the EU systemic cyber incident coordination framework (EU-SCICF), in the context of the Digital Operational Resilience Act (DORA), that will facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability, by strengthening the coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level.

Over the coming months, the ESAs will kickstart the implementation of the framework by setting up:

  • the EU-SCICF Secretariat, supporting the functioning of the framework;
  • the EU-SCICF Forum, working on testing and maturing the functioning;
  • the EU-SCICF Crisis Coordination, facilitating during a crisis the coordination of actions by the participating authorities.

The ESAs will identify legal and other operational hurdles encountered during the initial set up and report these to the European Commission. The further development of the framework will be subject to the availability of resources and other measures taken by the European Commission.

Background

On 2 December 2021, the General Board of the European Systemic Risk Board (ESRB) adopted Recommendation ESRB/2021/17, and approved the associated report “Mitigating systemic cyber risk”, after identifying a shortfall in the existing crisis management frameworks that could lead to a lack of financial sector coordination in the event of a significant cross-border information and communication technologies (ICT) incident with systemic implications.

The ESRB recommended the ESAs to build on the role foreseen in the Digital Operational Resilience Act (DORA), and to gradually develop a pan-European systemic cyber incident coordination framework (EU-SCICF).

In July 2023, as a first step towards putting the Recommendation into practice, the ESAs, the ECB and the Member States, from their relevant national authorities, designated a main point of contact for the EU-SCICF and informed the secretariat of the ESAs of this designation. This point of contact is to facilitate the development of the framework and will be involved in the crisis process of the EU-SCICF.

Documents

The Systemic Cyber Incident Coordination Framework: EU-SCICF (factsheet)

(621.99 KB - PDF)

Press contacts

Franca Rosa Congiu