Topic: Digital operational resilience in financial services dora

On 13 March 2024, the European Commission adopted:

Commission Delegated Regulation supplementing the Regulation on digital operational resilience for the financial sector (DORA) with regard to regulatory technical standards (RTS) specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents.

On 8 December 2023 the European Supervisory Authorities (ESAs) launched public consultation on a second package of technical standards under Digital Operational Resilience Act (DORA). This includes the following draft regulatory technical standards (RTS), implementing technical standards (ITS) and guidelines.

On 1 December 2023, the Dutch Authority for the Financial Markets (Autoriteit Financiële Markten, the AFM) published its second publication on the Digital Operational Resilience Act (Regulation (EU) 2022/2554, the DORA). The publication focuses on the management of information, communication and technology (ICT) risks for third-party providers and aims to enable in-scope financial institutions to analyse their current readiness with DORA in these areas and assess what further steps they need to take to comply.

On 19 June 2023 the European Supervisory Authorities (ESAs) launched a public consultation on a first batch of regulatory and implementing technical standards (RTS and ITS) under Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (DORA). This covers the draft RTS and ITS that the ESAs are expected to submit to the European Commission by 17 January 2024.

On 26 May 2023, the European Supervisory Authorities (ESAs) published a joint Discussion Paper on criteria for critical ICT third-party service providers and oversight fees. This Discussion Paper follows the request for technical advice that was sent by the European Commission (Commission) to the ESAs in late December 2022.

On 1 March 2023, the Dutch Authority for the Financial Markets (Autoriteit Financiële Markten, the AFM) published the results of an exploratory investigation into IT incident management in the capital markets. The AFM carried out this study in relation to eight trading venue operators and proprietary traders based on a self-assessment and IT incident notifications reported to the AFM.

On 6 February 2023 the three European Supervisory Authorities (ESAs) held a joint public hearing on the implementation of Regulation (EU) 2022/2554 on digital operational resilience for the financial sector (“Digital Operational Resilience Act” or DORA). As per a follow up press release, the event – held online – gathered over 2,000 representatives from credit and payment institutions, investment firms, (re)insurance undertakings, ICT third-party service providers and other financial entities. The focus of the joint hearing was to provide an opportunity for industry participants to engage with regulators on the new legislation, share their initial views and raise any potential areas of concern regarding the policy mandates that the ESAs have to develop over the course of 2023 and 2024.

On December 27, 2022, the European Regulation on digital operational resilience for the financial sector was published. It entered into force on January 17, 2023 and will apply as of January 17, 2025.

On 16 January 2023, the Regulation on digital operational resilience for the financial sector (DORA) entered into force.

On 27 December 2022, there was published in the Official Journal of the European Union (OJ)