EU Technical Standards on classification of ICT-Related Incidents, Contractual Arrangements Policy and Risk Management Tools Published
June 25, 2024

The following three regulatory technical standards supplementing the Digital Operational Resilience Act have been published in the Official Journal of the European Union:

- RTS on the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents (Delegated Regulation 2024/1772).
- RTS specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers (Delegated Regulation 2024/1773).
- RTS specifying ICT risk management tools, methods, processes and policies and the simplified ICT risk management framework (Delegated Regulation 2024/1774).
The Delegated Regulations will enter into force on July 15, 2024, the twentieth day following their publication in the Official Journal.
Financial Regulatory Developments Focus