Published date: 17 July 2024

Final Report - Joint Guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities under Regulation (EU) 2022/2554 (JC 2024 36)

Comparison of Draft Technical Standards: Consultation Paper vs Final Report

The ESAs' second set of technical standards under the DORA is aimed at enhancing the digital operational resilience of the EU financial sector by strengthening financial entities’ ICT and third-party risk management and incident reporting frameworks.

RTS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats Consultation Final Report Comparison
ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats Consultation Final Report Comparison
RTS on the harmonization of conditions enabling the conduct of the oversight activities Consultation Final Report Comparison
RTS specifying the criteria for determining the composition of the joint examination team (JET) Consultation Final Report Comparison
RTS on threat-led penetration testing (TLPT) Consultation Final Report Comparison
Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents Consultation Final Report Comparison
Guidelines on oversight cooperation Consultation Final Report Comparison
1. Executive Summary
2. Introduction and scope (paras. 1-12)
2.1 Introduction (paras. 1-6)
2.2 Scope (paras. 7-12)
3. Draft Guidelines on ESAs-competent authorities oversight cooperation (paras. 1.1-12.3)
Status of the Guidelines
Reporting requirements
Section 1: General considerations (paras. 1.1-4.1)
Guideline 1: Language, communication means, contact points and accessibility (paras. 1.1-1.8)
Guideline 2: Timelines (para. 2.1)
Guideline 3: Difference of opinions between ESAs and competent authorities (para. 3.1)
Guideline 4: Information exchange between ESAs and competent authorities in the context of their respective cooperation with competent authorities designated or established in accordance with NIS2 (NIS2 authorities) (para. 4.1)
Section 2: Designation of critical ICT third-party service providers (paras. 5.1-6.2)
Guideline 5: Information for the criticality assessment to be submitted by competent authorities to the ESAs (paras. 5.1-5.3)
Guideline 6: Information related to the designation of critical ICT third-party service providers to be submitted by the Lead Overseer or ESAs to competent authorities (paras. 6.1-6.2)
Section 3: Core oversight activities (paras. 7.1-9.3)
Guideline 7: Oversight plans (paras. 7.1-7.5)
Guideline 8: General investigations and inspections (paras. 8.1-8.3)
Guideline 9: Additional information exchanges between the Lead Overseer and competent authorities in relation to oversight activities (paras. 9.1-9.3)
Section 4: Follow-up of the recommendations (paras. 10.1-12.3)
Guideline 10: General principles for follow-up (para. 10.1)
Guideline 11: Information exchanges between the Lead Overseer and competent authorities to ensure the follow-up of recommendations (paras. 11.1-11.3)
Guideline 12: Decision requiring financial entities to temporarily suspend the use or deployment of a service provided by the critical ICT third-party service provider or terminate the relevant contractual arrangements concluded with the critical ICT third-party service provider (paras. 12.1-12.3)
Section 5: Final provisions
4. Accompanying documents
4.1 Draft cost-benefit analysis (paras. 1-16)
4.2 Summary of responses to the public consultation
Annex: Table summarising information exchanges