European Union: Drafted Regulatory Technical Standard to further harmonise ICT risk management tools, methods, processes and policies as mandated under DORA

Description

On 10 January 2024, the three European Supervisory Authorities (EBA, EIOPA and ESMA) published a draft Regulatory Technical Standard (RTS) to further harmonise ICT risk management tools, methods, processes and policies as mandated under DORA. The draft standard on the ICT risk management framework aims to align practices across financial entities subject to simplified regulation with regard to critical functions, governance arrangements, lifecycle phases, risk assessment, due diligence, conflicts of interest, contractual clauses, and monitoring. The draft RTS aims to address the increasing complexity and frequency of ICT-related incidents in the financial sector by establishing a common risk framework while recognising the diversity of financial entities' size and risk profiles. It would introduce requirements for ICT risk management and a simplified framework under DORA, promoting cybersecurity resilience across all entities. The draft RTS adopts a technology-neutral, principle-based and objective-focused approach and recognises proportionality in implementation, ensuring effectiveness while minimising burdens on financial entities and supervisors. The European Commission will review the draft technical standard with the aim of adopting it.

Scope

Policy Area: Other operating conditions
Policy Instrument: Local operations requirement
Regulated Economic Activity: digital payment provider (incl. cryptocurrencies), DLT development, infrastructure provider: cloud computing, storage and databases
Implementation Level: supranational
Government Branch: executive
Government Body: other regulatory body

Complete timeline of this policy change

2023-06-13
in consultation

On 13 June 2023, the European Supervisory Authorities (ESAs) published the Draft Regulatory Technic…

2023-09-11
processing consultation

On 11 September 2023, the public consultation of the European Supervisory Authorities (ESAs) on the…

2024-01-10
under deliberation

On 10 January 2024, the three European Supervisory Authorities (EBA, EIOPA and ESMA) published a dr…