2025-01-01

Final report on amending Guidelines on ICT risk and security management

The European Banking Authority amends its 2019 ICT and security risk management guidelines to align with the Digital Operational Resilience Act, which now covers most financial entities. The EBA repeals the majority of the original guidelines, retaining only requirements for payment service user relationship management to address entities excluded from DORA. Competent authorities must notify compliance by 20 May 2025, with the amended guidelines applying from that date.

European Union

European Banking Authority
