Search

4 results

Document

18 February 2025

Roadmap towards the designation of CTPPs under DORA

Press Release 18 February 2025

The ESAs provide a roadmap towards the designation of CTPPs under DORA

The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) are advancing in the implementation of the pan-European oversight framework of critical ICT third-party service providers (CTPPs) with the objective to designate the CTPPs and to start the oversight engagement this year.

Document

11 February 2025

Final report on amending Guidelines on ICT risk and security management

Download document View press release

Press Release 11 February 2025

The EBA amends its Guidelines on ICT and security risk management measures in the context of DORA application

The European Banking Authority (EBA) narrowed down the scope of its existing Guidelines on ICT and security risk management measures, due to the application of harmonised ICT risk management requirements under the Digital Operational Resilience Act (DORA) from 17 January 2025. These amendments aim at simplifying the ICT risk management framework and providing legal clarity to the market.

Organisation and governance

Legal and policy framework

Careers

Supervisory convergence

Direct supervision and oversight

Information for consumers

Ad hoc activities

Risk analysis

Reporting frameworks

Data

Publications

Media centre

Search

Roadmap towards the designation of CTPPs under DORA

The ESAs provide a roadmap towards the designation of CTPPs under DORA

Final report on amending Guidelines on ICT risk and security management

The EBA amends its Guidelines on ICT and security risk management measures in the context of DORA application