DORA. RTS on ICT Incident Classificationbased on EBF’s Position

On June 19th, 2023, the European Supervisory Authorities (ESAs), EBA, EIOPA, and ESMA, published the first batch of Consultation Papers for the technical standards mandated by the Digital Operational Resilience Act (DORA) which aims at collecting market participants’ feedback on their development.

The European Banking Federation (EBF) and Deloitte have held a joint workshop to gather feedback from the EBF’s members, specifically around the Consultation Paper for the RTS “on specifying the criteria for the classification of ICT-related incidents, materiality thresholds for major incidents and significant cyber threats under Regulation (EU) 2022/2554” that was submitted to the European Commission on January 17th, 2024.

In the article are reported the main key attention points and the related considerations raised by the EBF members during the consultation of the Draft RTS:

• Unclear definition of Critical Services;
• Sound Application of Proportionality Principle and Risk-based Approach;
• The Challenges in the Notification of Significant Threats.