On 25 June 2024, the European Commission Delegated Regulation 2024/1774/EU supplementing DORA was published in the Official Journal of the European Union. The Delegated Regulation is based on the European Supervisory Authorities’ (ESAs’) regulatory technical standards (RTS) clarifying ICT risk management tools, methods, processes and policies, as well as the simplified risk management framework. The Delegated Regulation lays down requirements for financial entities (FEs) concerning the development, adoption and implementation of policies, procedures, protocols and tools for ICT risk management, ICT asset management, encryption and cryptographic controls, ICT operations security, network security, ICT project and change management, physical and environmental security. The Delegated Regulation was adopted on 13 March 2024 and will enter into force on 15 July 2024.