The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) launched a public consultation on the first batch of policy products under the Digital Operational Resilience Act (DORA). This includes four draft regulatory technical standards (RTS) and one set of draft implementing technical standards (ITS). These technical standards aim to ensure a consistent and harmonised legal framework in the areas of ICT risk management, major ICT-related incident reporting and ICT third-party risk management.
The consultation runs until 11 September 2023.
The ESAs have also published their joint response to the European Commission’s Call for Advice on two EC delegated acts under DORA, which specify further criteria for critical ICT third-party service providers (CTPPs) and determine the oversight fees levied on such providers.
The ESAs propose 11 quantitative and qualitative indicators along with the necessary information to build up and interpret such indicators following a two-step approach. The ESAs also put forward minimum relevance thresholds for quantitative indicators, where possible and applicable, to be used as starting points in the assessment process to designate critical third-party providers.