The EBA launches consultation on its draft Guidelines on third-party risk management with regard to non-ICT related services
The European Banking Authority (EBA) today launched a public consultation on the draft Guidelines on the sound management of third-party risk. The draft Guidelines focus on third-party arrangements in relation to non-ICT related services provided by third-party service providers and their subcontractors with a particular focus on the provision of critical or important functions. These Guidelines revise and update the previous EBA Guidelines on outsourcing, published in 2019, in line with the Digital Operational Resilience Act (DORA). The consultation runs until 8 October 2025.
Consultation on draft Guidelines on the sound management of third-party risk
ESAs Joint Committee Opinion on the rejection of the RTS on subcontracting under DORA
The ESAs acknowledge the European Commission's amendments to the technical standard on subcontracting under the Digital Operational Resilience Act
The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) today issued an Opinion on the European Commission’s (EC) rejection of the draft Regulatory Technical Standard (RTS) on subcontracting.
Roadmap towards the designation of CTPPs under DORA
The ESAs provide a roadmap towards the designation of CTPPs under DORA
The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) are advancing in the implementation of the pan-European oversight framework of critical ICT third-party service providers (CTPPs) with the objective to designate the CTPPs and to start the oversight engagement this year.
Final report on amending Guidelines on ICT risk and security management
The EBA amends its Guidelines on ICT and security risk management measures in the context of DORA application
The European Banking Authority (EBA) narrowed down the scope of its existing Guidelines on ICT and security risk management measures, due to the application of harmonised ICT risk management requirements under the Digital Operational Resilience Act (DORA) from 17 January 2025. These amendments aim at simplifying the ICT risk management framework and providing legal clarity to the market.
Joint Report on the feasibility for further Centralisation of reporting of major ICT incidents
ESAs publish study on feasibility of further centralisation of major ICT-related incident reporting by financial entities
The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today a report on the feasibility of further centralisation in the reporting of major ICT-related incidents by financial entities according to Article 21 of the Digital Operational Resilience Act (DORA).
The EBA repeals the Guidelines on major incident reporting under the revised Payment Services Directive
The European Banking Authority (EBA) today repealed its Guidelines on major incidents reporting under the Payment Services Directive (PSD2) due to the application of harmonised incident reporting under the Digital Operational Resilience Act (DORA) from 17 January 2025. The repeal of the Guidelines aims at simplifying the reporting of major incidents by payment service providers (PSPs) and providing legal certainty to the market.
ESA 2024 35 DORA Dry Run exercise summary report
The ESAs’ Dry Run exercise shows the goal of reporting of registers of information under Digital Operational Resilience Act in 2025 within reach
The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today a summary report with the key findings from the 2024 Dry Run exercise on reporting the registers of information under the Digital Operational Resilience Act (DORA). The conclusions and lessons learnt as well as individual data quality feedback provided to financial entities during the exercise will aid preparations for the official reporting starting in 2025.
ESAs Public Statement on DORA application
ESAs respond to the European Commission’s rejection of the technical standards on registers of information under the Digital Operational Resilience Act and call for swift adoption
The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) today issued an Opinion on the European Commission’s (EC) rejection of the draft Implementing Technical Standards (ITS) on the registers of information under the Digital Operational Resilience Act (DORA). The ESAs raise concerns over the impacts and practicalities of the proposed EC changes to the draft ITS on the registers of information in relation to financial entities’ contractual arrangements with ICT third-party service providers.