Skip to main content
Perspective:
Perspective
3 minute read

DORA crosses its second milestone

21 June 2023

Regulatory News Alert

ESAs published for consultation the first batch of DORA draft technical standards

On 19 June, the European Supervisory Authorities (ESAs) –EBA, EIOPA and ESMA – have released their consultations on the first batch of draft technical standards under the Digital Operational Resilience Act (DORA).

Although these technical standards are not final, they are important as they provide first guidance with regard to key requirements to be considered, complementary to the requirements set out in DORA itself.

DORA has mandated the ESAs to develop 13 policy instruments, organized in two batches. The first batch, which is now published for consultation, includes four draft regulatory technical standards (RTS) and one set of draft implementing technical standards (ITS):

  • RTS on ICT risk management framework
  • RTS on simplified ICT risk management framework;
  • RTS on criteria for the classification of ICT-related incidents;
  • ITS to establish the templates for the register of information;
  • RTS to specify the policy on ICT services performed by ICT third-party providers.

During the consultation process, two dates are key:

  • Deadline for submission of comments: 11 September 2023
  • Final submission of the technical standards: 17 January 2024

 

Why is this important for me?

DORA will apply from 17 January 2025. Although these first technical standards are in draft form, they indicate the challenges of the compliance journey for DORA. It’s important to start now – using the draft RTS to guide your approach and further understand the impacts, importance, and complexity of DORA.

 

What is next?

In terms of process, as usual, during the consultation, ESAs will collect feedbacks and potentially adapt the text according to the changes proposed by the stakeholders. Based on similar processes, a material reshape of the text is not expected. A second batch of the draft regulatory technical standards is expected by the end of the year. They will be also subject to a consultation process.

 

How Deloitte can help

Deloitte’s specialists and dedicated services can help you all along your DORA compliance journey, from structuring your customized project to organizing your milestones in line with DORA requirements and with the RTS/ITS and their iterative publications.

With expertise and accelerators, we can support you in assessing your current level of readiness, in defining your specialized roadmap and customized measures, and also in executing this roadmap.

Our Regulatory Watch team closely follows digital finance developments and helps you stay ahead of the regulatory curve.

Did you find this useful?

Yes
No

Thanks for your feedback

If you would like to help improve Deloitte.com further, please complete a 3-minute survey

Your feedback is important to us

To tell us what you think, please update your settings to accept analytics and performance cookies.

Need help updating cookies?

Get in touch

Irina Hedea

Partner | Information & Technology Risk
+352 45145 2944

Laureline Senequier

Partner | Risk Advisory
+352 45145 4422

Recommendations

The EU’s Digital Operational Resilience Act has been agreed

EU negotiators have now reached a full technical agreement on the DORA package. A few months of administrative process are left before the DORA will be published in the EU Official Journal (OJ).
Research
6 minute read

Exploring DORA

In-scope entities like yours should not delay their regulatory compliance journey any longer. Once the final version of DORA is published, it will begin a 24-month implementation period before it goes into effect during which entities must implement necessary measures to meet DORA requirements.
Research
7 minute read
Explore our thinking