“DORA” Regulation: published the final draft of regulatory technical standards

on by
Regolamento DORA: finalizzato dalle ESAs il primo set di norme tecniche - “DORA” Regulation: published the final draft of regulatory technical standards

Prepared by Fabrizio Cascinelli, Mario Zanin, Francesco Della Scala

As a result of the public consultation held between June and September 2023, the European Supervisory Authorities (EBA, ESMA, EIOPA, collectively the “ESAs“) have published on 17th January 2025 the final draft of regulatory technical standards under the DORA Regulation (Regulation (EU) 2022/2554, Digital Operational Resilience Act).

The DORA Regulation, published in the Official Journal of the European Union on December 27th, 2022, and applicable starting from of January 17th, 2025, creates an European regulatory framework on digital operational resilience in the financial sector in order to ensure the security of network and information systems supporting the business processes of regulated financial entities.

The ESAs are mandated to develop the draft of Regulatory Technical Standards (RTS), Implementing Technical Standards (ITS) and Guidelines that will details specific aspects; then, the regulations will be adopted by the European Commission through delegated and implementing acts.

Specifically, the DORA Regulation provides that a first set of technical standards are submitted to the European Commission by January 17th, 2024, and a second set of technical standards will be submitted to the European Commission by July 17th 2024.

Accordingly, as provided in the DORA Regulation, the ESAs have published the final draft of the documentation of the first set of technical standards and they have submitted them to the European Commission.

Such technical standards cover:

  • RTS on ICT risk management framework (pursuant to Articles 15 and 16(3), DORA);
  • RTS on criteria for classification of ICT-related incidents (pursuant to Article 18, DORA);
  • ITS to establish templates for the information registry (pursuant to Article 28(9), DORA);
  • RTS to specify policy on ICT services provided by third-party ICT providers (pursuant to Art. 28(10), DORA).

The European Commission will adopt this first set of technical standards in the following months.

Let’s Talk

For more information

Contact Fabrizio Cascinelli – Partner, PwC TLS

Discover more from Tax and Legal Solutions | PwC Italia

Subscribe now to keep reading and get access to the full archive.

Continue reading