Digital concept of graphs

Topic: Digital operational resilience in financial services dora

 Subscribe to Digital operational resilience in financial services dora

Further DORA delegated acts published in OJ

February 27, 2025

On 20 February 2025, the following was published in the Official Journal of the EU (OJ).

ESAs provide a roadmap towards the designation of CTPPs under DORA

February 27, 2025

On 18 February 2025, the European Supervisory Authorities (ESAs) issued a roadmap to the designation of critical ICT third-party service providers (CTPPs) under the Digital Operational Resilience Act (DORA).

DORA delegated act published in OJ

February 27, 2025

On 13 February 2025, there was published in the Official Journal of the EU (OJ), Commission Delegated Regulation (EU) 2025/295 of 24 October 2024 supplementing the Regulation on digital operational resilience for the financial sector with regard to regulatory technical standards on harmonisation of conditions enabling the conduct of the oversight activities.

DORA Delegated Regulation on TLPT

February 27, 2025

On 13 February 2025, the European Commission adopted a draft Delegated Regulation supplementing the Regulation on digital operational resilience for the financial sector with regard to regulatory technical standards

Eurosystem updates TIBER-EU framework to align with DORA

February 27, 2025

On 11 February 2025, the Eurosystem updated its European framework for threat intelligence-based ethical red-teaming (TIBER-EU framework) to align with the regulatory technical standards (RTS) of the Digital Operational Resilience Act (DORA) on threat-led penetration testing (TLPT).

DORA: Commission rejects draft RTS on subcontracting ICT services supporting critical or important functions

February 17, 2025

On 31 January 2025, the European Commission (Commission) published a letter (dated 21 January 2025) it had sent to the Chair of the Joint Committee of the European Supervisory Authorities (ESAs).

EBA amends its Guidelines on ICT and security risk management measures in the context of DORA application

February 17, 2025

On 11 February 2025, the European Banking Authority (EBA) issued an updated version of its guidelines on ICT and security risk management measures which were built on the provisions of Article 74 of the Capital Requirements Directive IV and the Payment Services Directive 2.

ESAs statement on DORA application

December 12, 2024

On 4 December 2024, the European Supervisory Authorities (ESAs) issued a statement on the application of the Digital Operational Resilience Act (DORA).

Published in OJ: DORA Implementing Regulation on standard templates for the register of information

December 12, 2024

On 2 December 2024, there was published in the Official Journal of the EU Commission Implementing Regulation (EU) 2024/2956 of 29 November 2024 laying down implementing technical standards for the application of the Regulation on digital operational resilience for the financial sector (DORA) with regard to standard templates for the register of information. The Implementing Regulation enters into force on the twentieth day following that of its publication in the Official Journal of the European Union (22 December 2024).

ESAs announce timeline to collect information for the designation of critical ICT third-party service providers under DORA

November 26, 2024

On 15 November 2024, the European Supervisory Authorities issued a Decision on the information that Member State competent authorities (NCAs) must report to them for the designation of critical ICT third-party service providers under the Digital Operational Resilience Act (DORA).