On 6 November 2024, the Joint Committee of the European Supervisory Authorities (ESAs) published joint guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities under the Regulation on digital operational resilience for the financial sector (DORA).

The ESAs issue these guidelines on the basis of Article 32(7) of DORA which provides that the ESAs will issue guidelines on the cooperation between the ESAs and the competent authorities covering:

  • The detailed procedures and conditions for the allocation and execution of tasks between competent authorities and the ESAs.
  • The details on the exchanges of information which are necessary for competent authorities to ensure the follow–up of recommendations addressed to ICT third party service providers to financial entities designated as critical.

Next steps

Competent authorities must notify the respective ESA whether they comply or intend to comply with the guidelines, or otherwise with reasons for non-compliance, within two months after the issuance of the translated versions of the guidelines. In the absence of any notification by this deadline, competent authorities will be considered by the respective ESA to be non-compliant.

The guidelines apply from 17 January 2025.

They will be subject to a review by the ESAs.