European Supervisory Authorities Finalize Second Set of Technical Standards and Guidelines Under Digital Operational Resilience Act

The European Supervisory Authorities have published the final reports for the second collection of policy materials under the Digital Operational Resilience Act. These are the:

• Final report on draft regulatory technical standards and implementing technical standards on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats under Article 20 DORA.
• Final report on draft RTS on the harmonization of conditions enabling the conduct of the oversight activities under Article 41(1)(c) DORA.
• Final report on draft RTS on the harmonization of conditions enabling the conduct of the oversight activities under Article 41(1)(a), (b) and (d) of DORA.
• Final report on draft RTS specifying elements related to threat-led penetration tests under Article 26(11) DORA.
• Final report on joint guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents under Article 11(11) DORA.
• Final report on joint guidelines on the oversight co-operation and information exchange between the ESAs and the competent authorities under Article 32(7) DORA.

The final draft technical standards have been submitted to the European Commission for adoption. The expected date of application of the technical standards and guidelines is January 17, 2025, which is the date from which DORA applies directly across all EU member states. The ESAs advise that the remaining RTS on subcontracting will be published in due course.

Return to main website.