1. European
  2. ESA - Joint Committee - European Supervisory Authorities
  3. News/Press Releases
  4. 2024
Date-stamp loading
  1. ESAs published second batch of policy products under DORA
Published date: 17 July 2024

ESAs published second batch of policy products under DORA

Comparison of Draft Technical Standards: Consultation Paper vs Final Report

The ESAs second set of technical standards under the DORA aimed at enhancing the digital operational resilience of the EU financial sector by strengthening financial entities’ ICT and third-party risk management and incident reporting frameworks.

RTS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats Consultation Final Report Comparison
ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats Consultation Final Report Comparison
RTS on the harmonization of conditions enabling the conduct of the oversight activities Consultation Final Report Comparison
RTS specifying the criteria for determining the composition of the joint examination team (JET) Consultation Final Report Comparison
RTS on threat-led penetration testing (TLPT) Consultation Final Report Comparison
Guidelines on the estimation of aggregated costs/losses caused by major ICT-related incidents Consultation Final Report Comparison
Guidelines on oversight cooperation Consultation Final Report Comparison

The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today the second batch of policy products under the Digital Operational Resilience Act (DORA). This batch consists of four final draft regulatory technical standards (RTS), one set of Implementing Technical Standards (ITS) and 2 guidelines , all of which aim at enhancing the digital operational resilience of the EU’s financial sector.

The package focuses on the reporting framework for ICT-related incidents (reporting clarity, templates) and threat-led penetration testing while also introducing some requirements on the design of the oversight framework, which enhance the digital operational resilience of the EU financial sector, thus also ensuring continuous and uninterrupted provision of financial services to customers and safety of their data.

The ESAs are publishing the following final draft technical standards: