On 13 February 2025, there was published in the Official Journal of the EU (OJ), Commission Delegated Regulation (EU) 2025/295 of 24 October 2024 supplementing the Regulation on digital operational resilience for the financial sector with regard to regulatory technical standards on harmonisation of conditions enabling the conduct of the oversight activities.
On 13 February 2025, the European Commission adopted a draft Delegated Regulation supplementing the Regulation on digital operational resilience for the financial sector with regard to regulatory technical standards specifying the criteria used for identifying financial entities required to perform threat-led penetration testing, the requirements and standards governing the use of internal testers, the requirements
On 6 February 2025, the European Commission published a set of draft guidelines on the definition of ‘artificial intelligence (AI) system’ for the purposes of the EU AI Act, which began to apply on 2 February 2025.
Background
Under the EU AI Act (which aims to promote innovation while ensuring high levels of
On 11 February 2025, the Bank of International Settlements published a speech by Denis Beau, First Deputy Governor of the Bank of France, at the Cercle IA et finance.
In his speech Mr Denis discusses, from a supervisor’s perspective, the opportunities and risks of AI and then the conditions necessary for effective regulation of AI
On 11 February 2025, the European Banking Authority (EBA) issued an updated version of its guidelines on ICT and security risk management measures which were built on the provisions of Article 74 of the Capital Requirements Directive IV and the Payment Services Directive 2. The update to the guidelines is to avoid duplication
On 5 February 2025, the European Banking Authority (EBA) issued its opinion on the European Commission’s (Commission) proposed amendments to the draft regulatory technical standards (RTS) specifying the requirements for policies and procedures on conflicts of interest for issuers of asset-referenced tokens (ARTs) under the Markets in
On 31 January 2025, the European Commission (Commission) published a letter (dated 21 January 2025) it had sent to the Chair of the Joint Committee of the European Supervisory Authorities (ESAs). The letter concerns the draft Delegated Regulation supplementing the Digital Operational Resilience Act (DORA) with regard to regulatory
On 27 January 2025, the European Supervisory Authorities (ESAs) published Terms of Reference for the European Systemic Cyber Incident Coordination Framework (EU-SCICF). The EU-SCICF is set up in accordance with Article 49(1) of the Regulation on digital operational resilience for the financial sector (DORA) and the ESAs Joint Committee
On 22 January 2025, the European Supervisory Authorities (ESAs) published guidance prepared by the European Commission (Commission) on the definition of ICT services under the Digital Operational Resilience Act (DORA). The guidance was eagerly awaited by the European financial services industry subject to DORA’s requirements, seeking clarity on the