The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) have published a second batch of policy products under the Digital Operational Resilience Act (DORA) and announced the creation of an EU systemic cyber incident coordination framework (EU-SCICF).
The batch of policy products consists of four final draft regulatory technical standards (RTS), one set of implementing technical standards (ITS) and two guidelines, all aiming to enhance the digital operational resilience of the EU’s financial sector.
The package focuses on the reporting framework for ICT-related incidents (reporting clarity, templates) and on threat-led penetration testing, while also introducing some requirements on the design of the oversight framework. Together, these enhance the digital operational resilience of the EU financial sector, thus also ensuring the continuous and uninterrupted provision of financial services to customers and the safety of their data.
In addition, the ESAs have announced they will establish the EU-SCICF, in the context of the DORA, which will facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability, by strengthening the coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level.
Over the coming months, the ESAs will kickstart the implementation of the framework by setting up: the EU-SCICF Secretariat, supporting the functioning of the framework; the EU-SCICF Forum, working on testing and maturing the functioning; and the EU-SCICF Crisis Coordination, facilitating the coordination of actions by the participating authorities during a crisis.
“The ESAs will identify legal and other operational hurdles encountered during the initial set-up and report these to the European Commission. The further development of the framework will be subject to the availability of resources and other measures taken by the European Commission,” they said.