European Union: Opened consultation on Regulatory Technical Standards to further harmonise ICT risk management tools, methods, processes and policies as mandated under DORA

Description


On 13 June 2023, the European Supervisory Authorities (ESAs) published for consultation the Draft Regulatory Technical Standards to further harmonise ICT risk management tools, methods, processes, and policies as required by Articles 15 and 16(3) of Regulation (EU) 2022/2554. The consultation will remain open until 11 September 2023. The regulation, known as DORA, focuses on digital operational resilience for the financial sector. The new standards aim to enhance the harmonisation of ICT risk management across financial entities. They mandate the establishment of a process and methodology for conducting ICT risk assessments that identify vulnerabilities and threats that may impact business functions, ICT systems, and supporting assets. The standards emphasise correct identification and classification of ICT and information assets, as well as strong encryption algorithms and cryptographic controls, to reduce the risk of data breaches and unauthorised manipulation. They also stress the significance of ICT operations security and network security. Additionally, they require the implementation of business continuity policies, response and recovery plans, and thorough testing to ensure adequate response and recovery of ICT systems in case of disruptions.

Scope

Policy Area: Other operating conditions
Policy Instrument: Local operations requirement
Regulated Economic Activity: digital payment provider (incl. cryptocurrencies), DLT development, infrastructure provider: cloud computing, storage and databases
Implementation Level: supranational
Government Branch: executive
Government Body: other regulatory body

Complete timeline of this policy change

2023-06-13
in consultation

On 13 June 2023, the European Supervisory Authorities (ESAs) published the Draft Regulatory Technic…

2023-09-11
processing consultation

On 11 September 2023, the public consultation of the European Supervisory Authorities (ESAs) on the…

2024-01-10
under deliberation

On 10 January 2024, the three European Supervisory Authorities (EBA, EIOPA and ESMA) published a dr…
