
European Supervisory Authorities brief organizations on DORA

On 6th February 2023, the three European Supervisory Authorities (EBA, EIOPA and ESMA) held a joint public technical discussion about the Digital Operational Resilience Act (DORA).

The online event gathered over 2,000 representatives from credit and payment institutions, investment firms, (re)insurance undertakings, ICT third-party service providers, and other financial entities.

The event allowed industry participants to engage with regulators on the new legislation, share their initial views and raise any potential areas of concern regarding the policy mandates the European Supervisory Authorities (ESAs) have to develop over the course of 2023 and 2024.

During the event, the ESAs provided a briefing on the DORA development process and timescales, committing to an open public consultation. François-Louis Michaud, Executive Director at the EBA, stated that “an open public consultation is envisaged for every policy mandate where all interested stakeholders will have time to provide their written input on each draft mandate.”

DORA will be built upon five pillars:

ICT risk management
Set of key principles and requirements on ICT risk management framework.

ICT-related incident reporting
Harmonise and streamline reporting and extend reporting obligations to all financial entities.

Digital operational resilience testing
Subject financial entities to basic testing or advanced testing (e.g. TLPTs).

ICT third party risk
Principle-based rules for monitoring third party risk, key contractual provisions and oversight framework for critical ICT TPPs.

Information sharing
Voluntary exchange of information and intelligence on cyber threats.

The presentations given during the event can be accessed below:


