The ESAs (EBA, ESMA, and EIOPA) initiated a public consultation on December 8 regarding the second set of policy mandates under the Digital Operational Resilience Act (DORA).
DORA aims to comprehensively address ICT risk management in the financial services sector and to harmonize the existing regulations on ICT risk management in each EU Member State. For this purpose, the Regulation comprises four sets of Regulatory Technical Standards (RTS), a series of Implementing Technical Standards (ITS), and two sets of Guidelines (GL).
The public consultation concerns the 13 strategic tools entrusted to the ESAs, including:
- RTS and ITS on the content, timing, and models for reporting incidents;
- Guidelines on aggregate losses and costs resulting from severe incidents;
- RTS on the outsourcing of essential or important functions;
- RTS on the harmonization of supervision;
- Guidelines on cooperation between ESAs and competent authorities for supervision;
- RTS on Threat-Led Penetration Testing (TLPT).
Comments can be submitted until 4 March 2024 through the consultation page.