1. European
  2. ESA - Joint Committee - European Supervisory Authorities
  3. Consultations
  4. 2023
Date-stamp loading
  1. Consultation Paper - Draft regulatory technical standard on the harmonisation of conditions enabling the conduct of the oversight activities under Article 41(1) points (a), (b) and (d) of Regulation (EU) 2022/2554 (JC 2023 69)
Next
Published date: 8 December 2023

Consultation Paper - Draft regulatory technical standard on the harmonisation of conditions enabling the conduct of the oversight activities under Article 41(1) points (a), (b) and (d) of Regulation (EU) 2022/2554 (JC 2023 69)

Closed
4 March 2024
Comparison of Draft Technical Standards: Consultation Paper vs Final Report

The ESAs second set of technical standards under the DORA aimed at enhancing the digital operational resilience of the EU financial sector by strengthening financial entities’ ICT and third-party risk management and incident reporting frameworks.

RTS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats Consultation Final Report Comparison
ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats Consultation Final Report Comparison
RTS on the harmonization of conditions enabling the conduct of the oversight activities Consultation Final Report Comparison
RTS specifying the criteria for determining the composition of the joint examination team (JET) Consultation Final Report Comparison
RTS on threat-led penetration testing (TLPT) Consultation Final Report Comparison
Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents Consultation Final Report Comparison
Guidelines on oversight cooperation Consultation Final Report Comparison

Consultation dated 27 November 2023 and made available 8 December 2023.

Accompanying documents
Comparing proposed amendment...
1. Responding to this consultation
2. Executive Summary
3. Background and rationale
4. Overview of questions for consultation
5. Draft Regulatory Technical Standards
Recitals
Chapter I Information to be provided by Information and Communication Technology third-party service providers in the application for a voluntary request to be designated as critical (arts. 1-2)
Article 1 Information to be provided by Information and Communication Technology third-party service provider in the application for a voluntary request to be designated as critical
Article 2 Assessment of completeness of application
Chapter II Information from critical ICT third-party service providers to the Lead Overseer (arts. 3-6)
Article 3 Content of information provided by critical ICT third-party service providers
Article 4 Remediation plan and progress reports
Article 5 Structure and format of information provided by critical ICT third-party service providers
Article 6 Information on subcontracting arrangements provided by critical ICT third-party service providers
Chapter III Competent authorities' assessment of the measures taken by critical ICT third-party service providers based on recommendations of the Lead Overseer (art. 7)
Article 7 Competent authorities' assessment of the risks addressed in the recommendations of the Lead Overseer
Chapter IV Final provisions (art. 8)
Article 8 Entry into force
Annex
6. Draft cost-benefit analysis / impact assessment
Next