On 17 January 2024, the European supervisory authorities published the final reports on the first round of technical standards for the Digital Operational Resilience Act (“DORA”) on digital operational resilience in the financial sector. The four technical standards relate to the details of an ICT risk management framework, classification of ICT-related incidents, the register of information on third-party risks and the policy for ICT services that support critical or important functions. The published reports are expected to be adopted by the Commission in the form of delegated regulations in the near future.
The now-final reports on technical standards for DORA form the first round of the level two regulations associated with DORA. The next round, which relates to details of reports on ICT-related incidents, threat-led penetration testing, further outsourcing of critical or important services and harmonisation of supervision, is currently subject to consultation and must be submitted to the Commission by the European supervisory authorities no later than 17 July 2024.