
European Supervisory Authorities Publish New Policy Products under DORA

By: Sabika Ishaq, Magdalena Mihalcea

The three European Supervisory Authorities (EBA, EIOPA, and ESMA, collectively known as the ESAs) have unveiled the second batch of policy products under the Digital Operational Resilience Act (DORA). This latest release comprises four final draft regulatory technical standards (RTS), one set of implementing technical standards (ITS), and two guidelines, all designed to bolster the digital operational resilience of the European Union’s financial sector.

Key Focus Areas

The new policy package primarily addresses the reporting framework for ICT-related incidents and threat-led penetration testing. It also introduces requirements for designing an oversight framework aimed at ensuring the continuous and uninterrupted provision of financial services and safeguarding customer data.

Subcontracting RTS Delayed

One of the main challenges EU financial firms face when implementing DORA is how they should approach subcontracting. The ESAs were expected to finalize additional regulatory technical standards (RTS) on subcontracting ICT services supporting critical or important functions by 17 July 2024. However, in their press release for the second batch, the ESAs state that this remaining RTS will be published “in due course”.

Timeline and Implementation Concerns

All DORA requirements are set to apply on 17 January 2025, leaving firms less than six months to comply. Despite some concerns in the industry about the remaining work, the ESAs have reiterated that they do not have a mandate to introduce transitional provisions to smooth DORA implementation beyond this date.

In summary, the second batch of policy products under DORA marks a critical step towards strengthening the digital operational resilience of the EU’s financial sector. However, the delays in finalizing some technical standards pose a challenge for firms racing against the clock to meet the January 2025 deadline. With these new standards and guidelines, the ESAs are paving the way for a more secure and resilient financial ecosystem in Europe.

 

Contact

If you have any questions, please contact our Chief Information Security Officer, Sabika Ishaq, or our Senior Information Security Manager, Magdalena Mihalcea.