On 17 January 2025, the European Supervisory Authorities (ESAs) issued a report on the feasibility of further centralisation in the reporting of major ICT-related incidents by financial entities according to Article 21 of the Digital Operational Resilience Act (DORA).

Article 21 DORA requires that the ESAs prepare a joint report assessing the feasibility of further centralisation of incident reporting through the establishment of a single EU Hub for ICT-related incident reporting. To this end, the report presents the results of the study performed to understand and assess the options of further centralisation of incident reporting under DORA. The study has also been carried out concurrently with the drafting of DORA’s technical standards on incident reporting.

Next steps

The joint report has been submitted to the European Parliament, the European Council and the European Commission, which will consider its findings for potential future developments in relation to the further centralisation of major ICT-related incident reporting in the financial sector.