On 25 June 2024, the European Commission Delegated Regulation 2024/1772/EU supplementing DORA was published in the Official Journal of the European Union. The Delegated Regulation is based on the European Supervisory Authorities’ (ESAs’) regulatory technical standards (RTS) setting out the criteria to classify ICT-related incidents or operational or payment-related incidents, materiality thresholds for major incidents and significant cyber threats. The Delegated Regulation was adopted on 13 March 2024 and will enter into force on 15 July 2024.