On 13 March 2024, the European Commission adopted:
- Commission Delegated Regulation supplementing the Regulation on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards (RTS) specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents.
- Commission Delegated Regulation supplementing DORA with regard to RTS specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers.
- Commission Delegated Regulation supplementing DORA with regard to RTS specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework.
It is now for the European Parliament and the Council of the EU to scrutinise and adopt the delegated acts.
Our previous blog on the above delegated acts is here.