Published date: 8 December 2023

Consultation Paper Draft Regulatory Technical Standards on the content of the notification and reports for major incidents and significant cyber threats and determining the time limits for reporting major incidents and Draft Implementing Technical Standards on the standard forms, templates and procedures for financial entities to report a major incident and to notify a significant cyber threat (JC 2023 70)

Closed
4 March 2024
Comparison of Draft Technical Standards: Consultation Paper vs Final Report

The ESAs' second set of technical standards under the DORA aimed at enhancing the digital operational resilience of the EU financial sector by strengthening financial entities’ ICT and third-party risk management and incident reporting frameworks.

RTS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats
ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats
RTS on the harmonization of conditions enabling the conduct of the oversight activities
RTS specifying the criteria for determining the composition of the joint examination team (JET)
RTS on threat-led penetration testing (TLPT)
Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents
Guidelines on oversight cooperation

1. Responding to this consultation
2. Executive Summary
3. List of abbreviations
4. Background and rationale (paras. 1-34)
4.1 Background (paras. 1-6)
4.2 Rationale (paras. 7-34)
4.2.1 Reporting timelines (paras. 12-20)
4.2.2 Content of major incident notifications and reports, and notifications of significant cyber threats (paras. 21-26)
4.2.3 Format, templates and reporting requirements (paras. 27-34)
5. Draft regulatory technical standards
Recitals
Article 1 General provisions
Article 2 General information to be provided in the major incident notifications, intermediate and final reports
Article 3 Content of initial notifications
Article 4 Content of intermediate reports
Article 5 Content of final reports
Article 6 Time limits for the initial notification and intermediate report and final reports referred to in Article 19(4) of Regulation (EU) 2022/2554
Article 7 Content of the notification of significant cyber threat
Article 8 Entry into force
Done at
6. Draft implementing standards
Recitals
Article 1 Standard form for reporting of ICT-related major incidents
Article 2 Submission of initial notification, intermediate and final reports together
Article 3 Recurring incidents
Article 4 Use of secure channels and notification of competent authorities in case of deviation from established channels or time limits
Article 5 Reclassification of major incidents
Article 6 Outsourcing of the reporting obligation
Article 7 Standard form for reporting of notification of significant cyber threats
Article 8 Data precision and information associated with submissions
Article 9 Entry into force and application
Done at
Annex I Templates for the reporting of major incidents
Annex II Data glossary and instructions for the reporting of major incidents
Annex III Templates for notification of significant cyber threats
Annex IV Data glossary and instructions for notification of significant cyber threats
Annex V
7. Accompanying documents
7.1 Draft cost-benefit analysis / impact assessment
7.2 Overview of questions for consultation