European Union: Regulatory Technical Standards on specifying the criteria for the classification of ICT related incidents, materiality thresholds for major incidents and significant cyber threats under DORA

Progress

Current status

under deliberation

10 Jan 2024 under deliberation

11 Sep 2023 processing consultation

13 Jun 2023 in consultation

Scope

Implementers

Austria

Belgium

Bulgaria

Croatia

Cyprus

Czechia

Denmark

Estonia

Finland

France

Germany

Greece

Hungary

Ireland

Italy

Latvia

Lithuania

Luxembourg

Malta

Netherlands

Poland

Portugal

Romania

Slovakia

Slovenia

Spain

Sweden

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

digital payment provider (incl. cryptocurrencies)

DLT development

infrastructure provider: cloud computing, storage and databases

Government Branch

executive

Government Body

other regulatory body

central government

Implementation Level

supranational

Timeline of events

10 Jan 2024

under deliberation

Drafted Regulatory Technical Standard on the criteria for classification of ICT related incidents, materiality thresholds for major incidents/significant cyber threats under DORA

On 10 January 2024, the three European Supervisory Authorities (EBA, EIOPA and ESMA) published a draft Regulatory Technical Standard on the criteria for the classification of major ICT incidents and significant cyber threats under DORA. The RTS aim …

Source

Event type order

Action type drafting

Government branch executive

Government body other regulatory body

11 Sep 2023

processing consultation

Closed consultation on Draft Regulatory Technical Standards on the criteria for classification of ICT related incidents, materiality thresholds for major incidents/significant cyber threats under DORA

On 11 September 2023, the public consultation on the Draft Regulatory Technical Standards outlining criteria for classifying ICT-related incidents and materiality thresholds for major incidents and significant cyber threats, released by the European…

Source

Event type order

Action type consultation closed

Government branch executive

Government body central government

13 Jun 2023

in consultation

Opened consultation on Draft Regulatory Technical Standards on the criteria for classification of ICT related incidents, materiality thresholds for major incidents/significant cyber threats under DORA

On 13 June 2023, the European Supervisory Authorities (ESAs) released the Draft Regulatory Technical Standards outlining criteria for classifying ICT-related incidents and materiality thresholds for major incidents and significant cyber threats, as …

Source

Event type order

Action type consultation opened

Government branch executive

Government body central government

Progress

Scope

Timeline of events

Drafted Regulatory Technical Standard on the criteria for classification of ICT related incidents, materiality thresholds for major incidents/significant cyber threats under DORA

Closed consultation on Draft Regulatory Technical Standards on the criteria for classification of ICT related incidents, materiality thresholds for major incidents/significant cyber threats under DORA

Opened consultation on Draft Regulatory Technical Standards on the criteria for classification of ICT related incidents, materiality thresholds for major incidents/significant cyber threats under DORA

Related changes

European Union: Local operation requirement in Regulation on digital operational resilience for the financial sector (DORA)

European Union: Cybersecurity measures in Regulation on digital operational resilience for the financial sector (DORA)

European Union: Joint Guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents

European Union: Regulatory Technical Standard on the harmonisation of conditions enabling the conduct of the oversight activities

European Union: Joint regulatory and implementing technical standards on major incident reporting

European Union: Guidelines on the oversight cooperation and information exchange between the European Supervisory Authorities and the competent authorities

European Union: Regulatory Technical Standard specifying elements related to threat led penetration tests

European Union: Regulatory Technical Standards on the elements which a financial entity needs to determine and assess when subcontracting ICT services supporting critical or important functions

European Union: Implementing Technical Standards to establish the template register of information for all contractual arrangements on the use of ICT services provided by third-party providers under DORA

European Union: Regulatory Technical Standards on specifying certain criteria and fees relating to critical ICT third-party service providers under DORA

European Union: Regulatory Technical Standards to further harmonise ICT risk management tools, methods, processes and policies as mandated under DORA