Three delegated regulations under the Regulation on digital operational resilience for the financial sector (Regulation (EU) 2022/2554 or “DORA”) have been adopted by the European Commission. These newly adopted regulations set out regulatory technical standards (“RTS”) which mainly focus on the management of ICT-related incidents, contractual relationships with ICT service providers, and ICT risk management tools including the simplified ICT management framework.

  • Classification of ICT-related Incidents and Cyber Threats: The first regulation (C(2024) 1519 final) establishes RTS that define the criteria for categorizing ICT-related incidents and cyber threats. It outlines materiality thresholds and specifies the requirements for reporting significant incidents. These RTS emanate from Article 18(4) of DORA, aiming to ensure a robust framework for identifying and addressing digital threats in the financial sector.

 

  • ICT Risk Management Tools and Framework: The second regulation (C(2024) 1532 final) lays down RTS for ICT risk management tools, methods, processes, and policies, including a simplified ICT risk management framework. Addressing mandates under Articles 15 and 16(3) of DORA, this regulation aims to provide financial entities with a comprehensive set of guidelines and tools for effective digital risk management.

 

  • Contractual Arrangements Policy with ICT Third-Party Service Providers: The third regulation (C(2024) 1531 final) details the RTS for the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions. This regulation, mandated by Article 28(10) of DORA, seeks to clarify and standardize the contractual obligations and expectations between financial entities and their ICT third-party service providers, enhancing the security and resilience of outsourced functions.

These Delegated Regulations will become effective 20 days following their publication in the Official Journal of the European Union. The adoption of these regulations marks yet another pivotal step in the EU’s efforts to strengthen the digital resilience of its financial sector. The abovementioned regulations will now move to the European Parliament and to the Council of the EU for scrutiny. Pending no objections, these regulations will be formally published, representing a critical step forward in the EU’s digital operational resilience strategy.

Author: James Debono (Senior Associate, Ganado Advocates)

'Insurance & Reinsurance' Related News Articles

01
Proportionality is vital for a regulation of this nature
Ganado Advocates

by Ganado Advocates

6th May 2024

MFSA circular and feedback statement re amendments to PCC regulations
Ganado Advocates

by Ganado Advocates

30th April 2024

BOV OFFERS MAPFRE MSV Life CAPITAL GUARANTEED AND INCOME PLANS
Bank of Valletta

by Bank of Valletta

5th March 2024

Insurance update: The Nature and Art of Financial Supervision (Volume IX)
Ganado Advocates

by Ganado Advocates

4th March 2024

Strengthening Cyber Resilience: ICT Third-Party Risk for Insurers under DORA
Ganado Advocates

by Ganado Advocates

29th February 2024

GRC in Malta: The role of regulatory governance codes in strengthening governance structures of regulated entities
Ganado Advocates

by Ganado Advocates

23rd February 2024

EIOPA’s 2nd Report on the Application of the Insurance Distribution Directive (the “IDD”)
Ganado Advocates

by Ganado Advocates

19th February 2024

Atlas Insurance PCC Expands Reach with UK Branch Authorization and Life Reinsurance License
Atlas Insurance PCC Ltd

by Atlas Insurance PCC Ltd

25th January 2024

MFSA Circular on the Newly Published Accountancy Profession Regulations, 2023 (Legal Notice 299 of 2023)
Ganado Advocates

by Ganado Advocates

22nd January 2024

Insurtech and PCCs: Transforming insurance in Malta
Ganado Advocates

by Ganado Advocates

6th December 2023

MFSA issues Circular making the appointment of Independent Non-Executive Directors mandatory for Insurance Agents, Insurance Brokers and Retirement Scheme Administrators
Ganado Advocates

by Ganado Advocates

6th December 2023

The Guaranteed Capital & Income Plan 2026 II now available from all BOV Branches, Investment Centres and Private Banking
Bank of Valletta

by Bank of Valletta

6th September 2023

BOV announces limited-time offer on the MAPFRE MSV Life Unit Linked Personal Pension Plans
Bank of Valletta

by Bank of Valletta

23rd August 2023

Juridical interest in the context of insurance claims
Ganado Advocates

by Ganado Advocates

27th February 2023

Proposed amendments to the MFSA Insurance Distribution Rules
Ganado Advocates

by Ganado Advocates

24th February 2023

The Development of the Principle of Uberrima Fides over the years
Ganado Advocates

by Ganado Advocates

4th January 2023

Corporate Governance Code: How will your company apply the Code to ensure a sound governance structure?
Ganado Advocates

by Ganado Advocates

4th January 2023

High calibre international speakers for FinanceMalta’s 15th Annual Conference
FinanceMalta

by FinanceMalta

28th October 2022

The sinking of an oil tanker, recognition of judgements, arbitration proceedings and insurance contracts
Ganado Advocates

by Ganado Advocates

27th October 2022

EIOPA issues supervisory statement on the management of non-affirmative cyber risk exposures
Ganado Advocates

by Ganado Advocates

12th October 2022

The Corporate Governance Code provides core principles to be adopted by insurance entities to strengthen its good corporate governance
Ganado Advocates

by Ganado Advocates

12th October 2022

Talent Feature: How education can keep up with finance transformation
FinanceMalta

by FinanceMalta

5th August 2022

Member Spotlight – Jatco Insurance Brokers PPC Ltd: With Lloyd’s Broker Status, Jatco Plots Expansion
FinanceMalta

by FinanceMalta

22nd September 2021

Reinsurers’ Financial Communication: 2019-2020 Benchmark study
Mazars in Malta

by Mazars in Malta

4th June 2020