A&O Shearman | FinReg | EU Technical Standards on classification of ICT-Related Incidents, Contractual Arrangements Policy and Risk Management Tools Published

Financial Regulatory Developments Focus

Financial Regulatory Developments Focus

Filters

Recent Posts

UK Financial Conduct Authority Confirms Date for Opening of Overseas Funds Regime Gateway to New Schemes
EU Guidelines on Funds' Names Using ESG or Sustainability-Related Terms
UK Payment Systems Regulator Publishes Response to Call for Views on Expanding Variable Recurring Payments

EU Technical Standards on classification of ICT-Related Incidents, Contractual Arrangements Policy and Risk Management Tools Published

June 25, 2024
The following three regulatory technical standards supplementing the Digital Operational Resilience Act have been published in the Official Journal of the European Union:
- RTS on the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents (Delegated Regulation 2024/1772).
- RTS specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers (Delegated Regulation 2024/1773).
- RTS specifying ICT risk management tools, methods, processes and policies and the simplified ICT risk management framework (Delegated Regulation 2024/1774).
The Delegated Regulations will enter into force on July 15, 2024, the twentieth day following their publication in the Official Journal.

Return to main site.
Topic: Operational Resilience