2024-01-17

Final Report on Draft RTS on Classification of Major Incidents and Significant Cyber Threats under DORA

The European Supervisory Authorities issued a final report on Regulatory Technical Standards specifying criteria for classifying ICT-related incidents and significant cyber threats under DORA. The ESAs amended the draft standards to simplify the classification approach by making 'critical services affected' a mandatory condition for major incidents and adjusted materiality thresholds for clients and financial counterparts to reduce reporting burdens. These changes aim to harmonize incident reporting across the EU financial sector while ensuring proportionality and alignment with ENISA guidance.

European Union

European Securities and Markets Authority

Show thumbnailShow full textSourceAdd to collection

Show thumbnail