The Systemic Cyber Incident Coordination Framework: EU-SCICF
European Banking Authority (EBA) outlines the EU-SCICF, a framework for coordinating responses to systemic cyber incidents threatening financial stability, involving national and EU authorities to share information and align crisis measures.
Joint Technical Standards on major incident reporting
EBA, EIOPA, and ESMA finalize technical standards under DORA for major incident and cyber threat reporting, defining content, templates, timelines, and procedures for financial entities, including streamlined templates and adjusted reporting deadlines.
Joint Regulatory Technical Standards on the criteria for determining the composition of the joint examination team
EBA, EIOPA, and ESMA finalize regulatory technical standards under DORA to define criteria for composing joint examination teams, ensuring balanced participation of ESA and competent authority staff in ICT third-party service provider oversight.
Joint Regulatory Technical Standards specifying elements related to threat led penetration tests
European Supervisory Authorities finalize Regulatory Technical Standards under DORA to define criteria, requirements, and methodology for threat-led penetration testing (TLPT), including tester roles, testing phases, and supervisory cooperation, following public consultation feedback.
Joint Regulatory Technical Standards on the harmonization of conditions enabling the conduct of the oversight activities
European Supervisory Authorities finalize Regulatory Technical Standards under DORA to harmonize oversight conditions for critical ICT third-party service providers, detailing information requirements, subcontracting arrangements, and assessment processes for competent authorities.
Joint Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents
EBA, EIOPA, and ESMA joint guidelines under DORA for financial entities on estimating and reporting aggregated annual costs and losses from major ICT-related incidents, ensuring harmonization, proportionality, and reduced reporting burden.
Joint Guidelines on oversight cooperation
EBA, EIOPA, and ESMA finalize joint guidelines under DORA to establish cooperation and information exchange procedures between European Supervisory Authorities and competent authorities for consistent oversight of critical ICT third-party service providers, effective January 2025.
Presentation – workshop on exercise tools 10 June 2024
EBA, EIOPA, and ESMA workshop on 10 June 2024 presenting DORA dry run tools for financial entities, covering data collection templates, file preparation, and reporting guidance for registers of information.
Memorandum of Understanding on cooperation between the ESA and ENISA
European Supervisory Authorities (EBA, EIOPA, ESMA) and ENISA establish a cooperation framework under DORA and NIS2 Directive to enhance cybersecurity, incident reporting, technical standards, and cross-sector collaboration in the EU financial sector.
Draft Data point model – annotated table layout
DORA plain csv sample reporting package
Template for the register of information
Draft taxonomy
Instructions to XLS to CSV conversion tool
EBA guidance on using the Excel template and VBA-based CSV generator tool for financial entities to report the DORA Register of Information during the 2024 voluntary dry run exercise, including system settings and optional reporting assistance.
Responses to public consultations on DORA (2nd batch)
'Dry run' to prepare for DORA
EBA, EIOPA, and ESMA conduct a 2024 dry run to help financial entities prepare their ICT third-party provider registers under DORA, due by January 2025, offering feedback, data quality checks, and reporting process testing.
Draft RTS on ICT Risk Management Framework and on simplified ICT Risk Management Framework
EBA, EIOPA, and ESMA finalize draft Regulatory Technical Standards under DORA to harmonize ICT risk management tools, processes, and policies, including a simplified framework for certain financial entities, addressing proportionality, encryption, access control, and third-party ICT services.
Draft RTS to specify the policy on ICT services supporting critical or important functions
EBA, EIOPA, and ESMA finalize draft Regulatory Technical Standards under DORA to define requirements for financial entities' ICT third-party risk policies, including contractual arrangements, risk assessments, and business continuity for critical or important functions.
Draft RTS on classification of major incidents and significant cyber threats
EBA, EIOPA, and ESMA finalize draft Regulatory Technical Standards under DORA, defining criteria for classifying ICT-related incidents, materiality thresholds for major incidents, and significant cyber threats, with proportionality adjustments following public consultation.