One of the objectives of Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA) is to harmonise and streamline the ICT-related incident reporting regime for financial entities (FEs) in the European Union (EU).
Article 20 of DORA mandates the European Supervisory Authorities (ESAs) to develop through the Joint Committee and in consultation with the European Central Bank and European Union Agency for Cybersecurity:
- Draft Regulatory Technical Standards (RTS) establishing the content of the reports for ICT-related incidents and the notification for significant cyber threats, and the time limits for FEs to report these incidents to competent authorities.
- Draft Implementing Technical Standards (ITS) establishing the standard forms, templates and procedures for FEs to report a major ICT-related incident or to notify a significant cyber threat.
Article 20 of DORA further requires the ESAs to ensure that the requirements of the draft RTS and ITS are prop
…