On 25 June 2024, the European Commission Delegated Regulation 2024/1774/EU supplementing DORA was published in the Official Journal of the European Union. The Delegated Regulation is based on the European Supervisory Authorities’ (ESAs’) regulatory technical standards (RTS) clarifying ICT risk management tools, methods, processes and policies, as well as the simplified risk management framework. The Delegated Regulation lays down requirements for financial entities (FEs) concerning the development, adoption and implementation of policies, procedures, protocols and tools for ICT risk management, ICT asset management, encryption and cryptographic controls, ICT operations security, network security, ICT project and change management, and physical and environmental security. The Delegated Regulation was adopted on 13 March 2024 and will enter into force on 15 July 2024.