The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) today announced that they will launch in May the voluntary exercise for the collection of the registers of information of contractual arrangements on the use of ICT third-party service providers by the financial entities. Under the Digital Operation Resilience Act (DORA) and starting from 2025, financial entities will have to maintain registers of information regarding their use of ICT third-party providers. In this dry run exercise, this information will be collected from financial entities through their competent authorities and will serve as preparation for the implementation and reporting of registers of information under DORA.

Regulatory activity Adopted and published in the Official Journal of the EU

Implementing Technical Standards to establish the templates for the register of information

Regulatory activity Adopted and published in the Official Journal of the EU

Regulatory Technical Standards on the policy on ICT services supporting critical or important functions provided by ICT third-party service providers

Regulatory activity Adopted and published in the Official Journal of the EU

Regulatory Technical Standards on criteria for the classification of ICT-related incidents

Document

17 January 2024

Draft RTS on ICT Risk Management Framework and on simplified ICT Risk Management Framework

Download document View press release

Document

17 January 2024

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre

Search

Joint Regulatory Technical Standards specifying elements related to threat led penetration tests

Joint Regulatory Technical Standards on the criteria for determining the composition of the joint examination team

Joint Guidelines on oversight cooperation

Joint Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents

Joint Regulatory Technical Standards on the criteria for determining the composition of the joint examination team (JET)

Presentation – workshop on exercise tools 10 June 2024

Draft Data point model – annotated table layout

DORA plain csv sample reporting package

Instructions to XLS to CSV conversion tool

Template for the register of information

Draft taxonomy

Responses to public consultations on DORA (2nd batch)

Factsheet for 2024 DORA dry run exercise

ESAs to run voluntary dry run exercise to prepare industry for the next stage of DORA implementation

Implementing Technical Standards to establish the templates for the register of information

Regulatory Technical Standards on the policy on ICT services supporting critical or important functions provided by ICT third-party service providers

Regulatory Technical Standards on criteria for the classification of ICT-related incidents

Draft RTS on ICT Risk Management Framework and on simplified ICT Risk Management Framework

Draft RTS to specify the policy on ICT services supporting critical or important functions

Draft RTS on classification of major incidents and significant cyber threats