The EACB welcomes the opportunity to comment on the ESAs' draft technical standards (RTSs and ITSs) stemming from the mandates under the Digital Operational Resilience Act (DORA), in particular:
- The RTS on ICT risk management framework and RTS on simplified ICT risk management framework
- The RTS on criteria for the classification of ICT-related incidents
- The ITS to establish the templates for the register of information
- The RTS to specify the policy on ICT services performed by ICT third-party providers
These regulatory products are key for the implementation of the regulatory framework on digital operational resilience, which will ensure that entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats. While DORA has a horizontal character, we would like to highlight that sectoral legislation of financial institutions already prescribes a large number of requirements, processes and supervisory tools. It is essential that requirements are as clear as possible, are pragmatic in terms of both technical expectations and timelines, and avoid duplications and overlaps.
Please refer to the links for each consultation reply to read more.