The European Supervisory Authorities (ESAs) have launched a consultation on the first batch of policy products under the Digital Operational Resilience Act (DORA).

These include four draft regulatory standards (RTS) and a set of draft implementing technical standards (ITS).

The ESAs, the European Banking Authority (EBA), European Insurance and Occupational Pensions Authority (EIOPA) and European Securities and Markets Authority (ESMA), stated that the technical standards aim to ensure a consistent and harmonised legal framework on digital risk management, digital incident reporting and third-party risk management.

The DORA, which came into force on 16 January 2023 and will apply from 17 January 2025, seeks to improve the digital operational resilience of organisations from across the EU financial sector and further harmonise digital operational resilience requirements.

This regulatory framework covers digital risk management, incident management and reporting, operational resilience testing, and the management of third-party risk.

Under DORA, the ESAs are mandated to jointly develop 13 policy instruments in two batches.

The first batch of technical standards are covering in this first consultation are: RTS on a digital risk management frameworks and RTS on a simplified digital risk management framework; RTS on criteria for the classification of digital-related incidents; ITS to establish the templates for the register of information; and RTS to specify the policy on digital services performed by third-party providers.

The consultation runs until 11 September 2023, with the ESAs expected to submit these draft technical standards to the European Commission by 17 January 2024.

Share Story: