FIA responds to DORA Level 2 consultations

11 September 2023

FIA has responded to the European Supervisory Authorities’ consultations on the first batch of policy products under the Digital Operational Resilience Act (DORA).

DORA, which entered into force on 16 January 2023 and will apply from 17 January 2025, aims to enhance the digital operational resilience of entities across the EU financial sector.

The first batch of technical standards consultations from the ESAs aim to ensure a consistent and harmonised legal framework in information and communication technology (ICT) risk management, major ICT-related incident reporting, and ICT third-party risk management.

While FIA generally supports the ESAs’ proposed changes, its responses highlight remaining industry concerns and areas where more clarity is needed.

Read the responses here:

  • FIA’s response to "Regulatory Technical Standards (RTS) on Information and Communication Technology (ICT) Risk Management Framework and RTS on Simplified ICT Risk Management Framework"
  • FIA’s response to "RTS on Criteria for the Classification of ICT-Related Incidents"
  • FIA’s response to "Implementing Technical Standards (ITS) to Establish the Templates for the Register of Information"
  • FIA’s response to "RTS to Specify the Policy on ICT Services Performed by ICT Third-Party Providers"

The ESAs will consider the feedback received to these consultations and submit finalised draft technical standards to the European Commission by 17 January 2024.

  • FIA
  • Industry Operations
  • Advocacy
  • Operational and Regulatory Guidance
  • Europe