Search
Factsheet for 2024 DORA dry run exercise
ESAs to run voluntary dry run exercise to prepare industry for the next stage of DORA implementation
The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) today announced that they will launch in May the voluntary exercise for the collection of the registers of information of contractual arrangements on the use of ICT third-party service providers by the financial entities. Under the Digital Operation Resilience Act (DORA) and starting from 2025, financial entities will have to maintain registers of information regarding their use of ICT third-party providers. In this dry run exercise, this information will be collected from financial entities through their competent authorities and will serve as preparation for the implementation and reporting of registers of information under DORA.
Implementing Technical Standards to establish the templates for the register of information
Regulatory Technical Standards on the policy on ICT services supporting critical or important functions provided by ICT third-party service providers
Regulatory Technical Standards on criteria for the classification of ICT-related incidents
Draft RTS on ICT Risk Management Framework and on simplified ICT Risk Management Framework
Draft RTS to specify the policy on ICT services supporting critical or important functions
Draft RTS on classification of major incidents and significant cyber threats
Draft ITS on Register of Information
Regulatory Technical Standards on ICT risk management framework and on simplified ICT risk management framework
ESAs publish first set of rules under DORA for ICT and third-party risk management and incident classification
The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today the first set of final draft technical standards under the Digital Operational Resilience Act (DORA) aimed at enhancing the digital operational resilience of the EU financial sector by strengthening financial entities’ Information and Communication Technology (ICT) and third-party risk management and incident reporting frameworks.