DORA | RTS on ICT Incident Classification based on EBF’s Position

15 January 2024

The main key attention points raised by the EBF members during the consultation of the Draft RTS: Unclear definition of Critical Services; Sound Application of Proportionality Principle and Risk-based Approach; The Challenges in the Notification of Significant Threats

On June 19th, 2023, the European Supervisory Authorities (ESAs), EBA, EIOPA, and ESMA, published the first batch of Consultation Papers for the technical standards mandated by the Digital Operational Resilience Act (DORA) which aims at collecting market participants’ feedback on their development.

The European Banking Federation (EBF) and Deloitte have held a joint workshop to gather feedback from the EBF’s members, specifically around the Consultation Paper for the RTS “on specifying the criteria for the classification of ICT-related incidents, materiality thresholds for major incidents and significant cyber threats under Regulation (EU) 2022/2554” that will be submitted to the European Commission on January 17th, 2024.

Below are reported the main key attention points raised by the EBF members during the consultation of the Draft RTS:

• Unclear definition of Critical Services
• Sound Application of Proportionality Principle and Risk-based Approach
• The Challenges in the Notification of Significant Threats

A full overview of the discussion can be found here.

 

EBF

© EBF