DORA Regulation: Policy Product Consultation
ESA has launched a public consultation on DORA policies, aiming to boost EU financial sector's digital resilience by managing ICT risks. It covers standards for ICT risk, incident classification, third-party risks, and more.
ESA Consultation on Digital Operational Resilience Act (DORA) Policy Products
The European Supervisory Authorities (ESA) have launched a public consultation on the first batch of policy products under the Digital Operational Resilience Act (DORA). DORA aims to enhance the overall digital operational resilience of the EU financial sector by addressing risks and vulnerabilities associated with the increased use of information and communication technology (ICT) systems. The act covers 21 different types of financial entities and includes provisions for ICT risk management, incident management and reporting, as well as third-party risk management. The consultation covers draft standards for ICT risk management, incident classification, and policies on ICT services performed by third-party providers, among others. The public consultation will last until September 11, 2023, followed by an online public hearing on July 13. The final legal instruments will be submitted to the European Commission by January 17, 2024.
ESA's DORA Consultation: Impact on EU's Financial Sector
The European Supervisory Authorities (ESA) have taken a significant step towards enhancing the digital operational resilience of the EU financial sector with the launch of a public consultation on the first batch of policy products under the Digital Operational Resilience Act (DORA). This move highlights the increasing recognition of the importance of digital resilience in the financial sector, given the growing reliance on information and communication technology (ICT) systems.
DORA covers 21 different types of financial entities and introduces provisions that address the risks and vulnerabilities associated with the use of ICT systems. Financial institutions covered by DORA can expect to see changes in ICT risk management, incident management and reporting, as well as third-party risk management. The public consultation on draft standards for ICT risk management, incident classification, and policies on third-party providers' ICT services allows stakeholders to provide their input and feedback, ensuring the final legal instruments take into account the concerns and suggestions of those directly affected.
The implications of this consultation process are far-reaching. Firstly, it signifies a step towards harmonization in the rules governing operational resilience across various financial entities. With a more unified approach to managing ICT risks and incidents, financial institutions can expect increased efficiency and effectiveness in addressing cyber risks. This harmonization also extends to third-party risk management, ensuring robust oversight and due diligence processes.
Furthermore, the consultation process fosters collaboration among competent authorities not only within the financial sector but also across different sectors and jurisdictions. This increased cooperation will result in better coordination and information sharing when it comes to managing ICT and cyber risks, benefiting the entire financial ecosystem. The consultation process acts as a platform for stakeholders to contribute their expertise and knowledge, enabling the development of practical and relevant policies that can address the evolving landscape of digital risks.
Financial institutions affected by DORA should anticipate changes in compliance requirements and timelines. The final legal instruments, resulting from the public consultation and subsequent online public hearing, will be submitted to the European Commission by January 17, 2024.
Read More