Regulatory Alerts2025-06-27
ACPR Compliance with EBA Guidelines EBA/GL/2025/02 amending EBA/GL/2019/04 on ICT and Security Risk Management
The Prudential Control and Resolution Authority (ACPR) has declared its compliance with the European Banking Authority's guidelines EBA/GL/2025/02, which amend the 2019 rules on ICT and security risk management. These updated guidelines become applicable on May 20, 2025, to all credit institutions and financial entities subject to regulation under EU Directives 2013/36/EU, 2015/2366, and 2009/110/EC. The declaration confirms that the ACPR has aligned its supervisory framework with the revised EBA standards for managing technology-related risks.
OPINION ACPR Compliance with European Banking Authority (EBA) Guidelines EBA/GL/2025/02 Amending EBA/2019/04 Guidelines on the Management of Information and Communication Technology (ICT) and Security Risks
The Prudential Control and Resolution Authority (ACPR) has declared compliance with the European Banking Authority (EBA) Guidelines EBA/GL/2025/02 of 11 February 2025 amending the EBA/2019/04 Guidelines on the management of risks related to information and communication technology (ICT) and security.
These guidelines are applicable with effect from 20 May 2025 by all credit institutions and financial entities subject to regulation and supervision under Directive 2013/36/EU, Directive (EU) 2015/2366, and Directive 2009/110/EC.