July 14, 2023

Draft Technical Standards for DORA Now Available


Executive Summary

  • The EU Digital Operational Resilience Act (“DORA”) entered into force on January 16, 2023, setting forth security requirements for network and information systems of organizations operating in the financial sector;
  • Obligations under DORA are to be further detailed by Regulatory Technical Standards (“RTS”) and Implementing Technical Standards (“ITS”), aimed at harmonizing requirements and facilitating implementation;
  • On June 19, 2023, the European Supervisory Authorities (“ESAs”)[1] published the first batch of drafts on RTS and ITS under DORA, providing detail to certain obligations around:
    • ICT security tools, policies and procedures;
    • Policies on the use of third-party ICT services concerning critical or important functions;
    • Criteria for the classification of ICT-related incidents; and
    • Register of agreements with third-party ICT service providers.
  • The drafts will be open to public consultation until September 11, 2023. The ESAs shall submit these draft technical standards to the European Commission (“Commission”) by January 17, 2024 for adoption by the Commission.
  • DORA will apply from January 17, 2025, and compliance must consider the content of the RTS and ITS.
