DORA - Improving digital operational resilience against cyberattacks
Initiative
Official name
REGULATION (EU) 2022/2554 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (COM(2020)0595 – C9-0304/2020 – 2020/0266(COD))
Type
Regulation
Level 1
Initiator
EU
Submitted
19.12.2019
Doc. code
2022/2554
Summary
Status
Current version
Final version
Next step
Entry into force and application
Scope
Associated initiatives
Level 1
DORA Directive
(binding, Amendment, EU)
Regulation on a framework for Financial Data Access (Open Finance - FIDA)
(binding, Main version, Amendment, EU)
Financial Market Digitization Act - FinmadiG
(binding, Main version, Amendment, DE)
DORA Enforcement Act
(binding, AT)
Level 2
RTS on ICT risk management tools methods processes and policies
(binding, Supplement, EU)
RTS on criteria for the classification of ICT related incidents
(binding, Supplement, EU)
ITS on the register of information on the use of ICT third-party services
(binding, Supplement, EU)
RTS on the policy on the use of ICT third-party services supporting critical or important functions
(binding, Supplement, EU)
Specification of the criteria for designation of ICT third-party service providers as critical for financial entities
(non-binding, Supplement, EU)
Amount of the oversight fees to be charged by the Lead Overseer to critical ICT third-party service providers
(binding, Supplement, EU)
Guidelines on aggregated costs and losses from major ICT-related incidents
(binding, Supplement, EU)
RTS on subcontracting of critical or important functions including outsourcing management
(binding, Supplement, EU)
RTS on oversight harmonisation under DORA
(binding, Supplement, EU)
Guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities
(binding, Supplement, EU)
RTS on threat-led penetration testing (TLPT)
(binding, Supplement, EU)
RTS/ITS for the content of notifications and reports on major ICT incidents under DORA
(binding, Supplement, EU)
Level 3 / Other
Digital Finance Package
(non-binding, EU)
Criteria for critical ICT third-party service providers and oversight fees under DORA
(non-binding, Amendment, EU)
ESAs Report on the landscape of ICT third-party providers
(non-binding, EU)
Report on operational policy tools for cyber resilience
(non-binding, EU)
Source: EU, 2022/2554, 2022