The EACB is pleased to provide comments on the draft technical standards (RTSs and ITSs) and Guidelines as a result of the mandates outlined in the Digital Operational Resilience Act (DORA), with a specific focus on:
- The RTSs on subcontracting ICT services supporting critical or important functions
- The RTSs and ITSs on major incident reporting
- The Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents
- The RTS specifying elements related to threat-led penetration tests
We acknowledge the efforts of the ESAs in delivering the second package within the timeline outlined in DORA. Generally, we recommend that the ESAs carefully calibrate DORA obligations and mandates, taking into account the broader context and diverse characteristics of the sectors covered. We emphasise the need to balance and align the regulatory requirements with the practical considerations of the entities involved, ensuring that the RTSs, ITSs, and Guidelines under consideration are proportionate and flexible enough to accommodate the unique challenges and differences within the scope of DORA.
Please refer to the links for each consultation reply to read more.