1. Article 11(11) of Regulation 2022/2554 on digital operational resilience for the financial sector (DORA) mandates the European Supervisory Authorities (ESAs), which consist of the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA) and the European Securities and Markets Authority (ESMA), to develop 'common guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents'. The apparent aim of these Guidelines is to harmonise the estimation by financial entities of their aggregated annual costs and losses caused by major information and communication technology (ICT)-related incidents according to Article 11(10) DORA, which are then to be reported by financial entities, other than microenterprises, to their competent authority (CA) upon its request. Costs and losses incurred by the financial entities from non-major ICT-related incidents are not in the scope of these Guidelines.
2. In fulfilment o
…