Guidelines on ICT and security risk management

  • Status: Final and translated into the EU official languages

These draft Guidelines establish requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) risks and aim to ensure a consistent and robust approach across the Single market. Once into force, these Guidelines will replace those on security measures for operational and security risks (EBA GL/2017/17), which will then be repealed.

Summary of document history

Previous versions Current version Ongoing versions

Final report on Guidelines on ICT and security risk management

  • Status: Applicable
  • Application date:
  • Compliance deadline:
Documents
Final Guidelines on ICT and security risk management

(1.72 MB - PDF) Last update 13 December 2018

Compliance table

(217.51 KB - PDF) Last update 17 October 2023

Press contacts

Franca Rosa Congiu