The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today the first set of final draft technical standards under the Digital Operational Resilience Act (DORA) aimed at enhancing the digital operational resilience of the EU financial sector by strengthening financial entities’ Information and Communication Technology (ICT) and third-party risk management and incident reporting frameworks.

Regulatory activity Final and translated into the EU official languages

Joint Guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities

Regulatory activity Final draft RTS/ITS adopted by the EBA and submitted to the European Commission

Joint Regulatory Technical Standards specifying elements related to threat led penetration tests

Regulatory activity Final and translated into the EU official languages

Joint Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents

Regulatory activity Final draft RTS/ITS adopted by the EBA and submitted to the European Commission

Joint Technical Standards on major incident reporting

Document

10 December 2023

Consultation paper on Joint draft RTS specifying elements related to threat led penetration tests

Download document View press release

Document

10 December 2023

Consultation paper on Joint draft guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities

Download document View press release

Document

10 December 2023

Consultation paper on Joint draft technical standards on major incident reporting

Download document View press release

Document

10 December 2023

Consultation on Joint draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities

Download document View press release

Document

10 December 2023

Consultation paper on Joint draft Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents

Download document View press release

Document

10 December 2023

Consultation paper on Joint draft RTS on subcontracting ICT services supporting critical or important functions

Download document View press release

Consultation 4 MARCH 2024

Consultation on Joint draft Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents

Consultation 4 MARCH 2024

Consultation on Joint draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities Introductory note

Consultation 4 MARCH 2024

Consultation on Joint draft guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities

Consultation 4 MARCH 2024

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting

Data

Publications

Media centre

Search

Draft RTS on ICT Risk Management Framework and on simplified ICT Risk Management Framework

Draft RTS to specify the policy on ICT services supporting critical or important functions

Draft RTS on classification of major incidents and significant cyber threats

Draft ITS on Register of Information

Regulatory Technical Standards on ICT risk management framework and on simplified ICT risk management framework

ESAs publish first set of rules under DORA for ICT and third-party risk management and incident classification

Joint Guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities

Joint Regulatory Technical Standards specifying elements related to threat led penetration tests

Joint Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents

Joint Technical Standards on major incident reporting

Consultation paper on Joint draft RTS specifying elements related to threat led penetration tests

Consultation paper on Joint draft guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities

Consultation paper on Joint draft technical standards on major incident reporting

Consultation on Joint draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities

Consultation paper on Joint draft Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents

Consultation paper on Joint draft RTS on subcontracting ICT services supporting critical or important functions

Consultation on Joint draft Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents

Consultation on Joint draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities Introductory note

Consultation on Joint draft guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities

Consultation on Joint draft RTS specifying elements related to threat led penetration tests