The EU Digital Operational Resilience Act (“DORA”) entered into force on January 16, 2023, setting forth security requirements for network and information systems of organizations operating in the financial sector;
Obligations under DORA are to be further detailed by Regulatory Technical Standards (“RTS”) and Implementing Technical Standards (“ITS”), aimed at harmonizing requirements and facilitating implementation;
On June 19, 2023, the European Supervisory Authorities (“ESAs”)[1] published the first batch of drafts on RTS and ITS under DORA, providing detail to certain obligations around:
- ICT security tools, policies and procedures;
- Policies on the use of third-party ICT services concerning critical or important functions;
- Criteria for the classification of ICT-related incidents; and
- Register of agreements with third-party ICT service providers.