2026-07-15

Added · Updated

Circular Letter No. CC/2026/00000020: EBA Guidelines on ICT Risk Management and Security in Payment Services

The Bank of Portugal issues this circular to highlight the applicability of the updated EBA Guidelines on ICT risk management (EBA/GL/2025/02) to supervised credit, payment, and e-money institutions under the DORA regulation. It specifically reinforces the requirements for payment service providers regarding user security, mandating proactive measures for user education, threat communication, and technical safeguards. The document outlines seven key procedures, including enabling payment feature deactivation, spending limit adjustments, and fraud alert systems, noting that these practices are integrated into the Bank's supervisory activities.

Banco de Portugal logo

Portugal

Banco de Portugal

Click to view full text