The three European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) have published a second batch of policy products under the Digital Operational Resilience Act (DORA).
This batch consists of four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS), and two guidelines.
The package focuses on the reporting framework for ICT-related incidents and threat-led penetration testing while also introducing some requirements on the design of the oversight framework.
The guidelines have already been adopted by the Boards of Supervisors of the three ESAs.
The final draft technical standards have been submitted to the European Commission, which will now start working on their review.
The remaining RTS on subcontracting will be published in due course.
The policy products are available below:
The four final draft technical standards
- RTS and ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats
- RTS on the harmonisation of conditions enabling the conduct of the oversight activities
- RTS specifying the criteria for determining the composition of the joint examination team (JET)
- RTS on threat-led penetration testing (TLPT)
0 Comments