Search

2 results

Document

11 February 2025

Final report on amending Guidelines on ICT risk and security management

EBA final report amending ICT and security risk management guidelines to align with DORA, clarifying scope for payment service providers not covered by DORA while harmonizing ICT risk frameworks under PSD2 and CRD.

Download document View press release

Press Release 11 February 2025

The EBA amends its Guidelines on ICT and security risk management measures in the context of DORA application

The European Banking Authority (EBA) narrowed down the scope of its existing Guidelines on ICT and security risk management measures, due to the application of harmonised ICT risk management requirements under the Digital Operational Resilience Act (DORA) from 17 January 2025. These amendments aim at simplifying the ICT risk management framework and providing legal clarity to the market.

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Pillar 3 data hub

Reporting

Data

Publications

Media centre

Search

Final report on amending Guidelines on ICT risk and security management

The EBA amends its Guidelines on ICT and security risk management measures in the context of DORA application