Search

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) today issued an Opinion on the European Commission’s (EC) rejection of the draft Regulatory Technical Standard (RTS) on subcontracting.

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) are advancing in the implementation of the pan-European oversight framework of critical ICT third-party service providers (CTPPs) with the objective to designate the CTPPs and to start the oversight engagement this year.

The European Banking Authority (EBA) narrowed down the scope of its existing Guidelines on ICT and security risk management measures, due to the application of harmonised ICT risk management requirements under the Digital Operational Resilience Act (DORA) from 17 January 2025. These amendments aim at simplifying the ICT risk management framework and providing legal clarity to the market.

The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today a report on the feasibility of further centralisation in the reporting of major ICT-related incidents by financial entities according to Article 21 of the Digital Operational Resilience Act (DORA).

The European Banking Authority (EBA) today repealed its Guidelines on major incidents reporting under the Payment Services Directive (PSD2) due to the application of harmonised incident reporting under the Digital Operational Resilience Act (DORA) from 17 January 2025. The repeal of the Guidelines aims at simplifying the reporting of major incidents by payment service providers (PSPs) and providing legal certainty to the market.

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today a summary report with the key findings from the 2024 Dry Run exercise on reporting the registers of information under the Digital Operational Resilience Act (DORA). The conclusions and lessons learnt as well as individual data quality feedback provided to financial entities during the exercise will aid preparations for the official reporting starting in 2025.

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) today issued an Opinion on the European Commission’s (EC) rejection of the draft Implementing Technical Standards (ITS) on the registers of information under the Digital Operational Resilience Act (DORA). The ESAs raise concerns over the impacts and practicalities of the proposed EC changes to the draft ITS on the registers of information in relation to financial entities’ contractual arrangements with ICT third-party service providers.

The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today the second batch of policy products under the Digital Operational Resilience Act (DORA). This batch consists of four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS) and 2 guidelines , all of which aim at enhancing the digital operational resilience of the EU’s financial sector.