The EU Digital Operational Resilience Act (“DORA”) entered into force on January 16, 2023, setting forth security requirements for network and information systems of organizations operating in the financial sector;

Obligations under DORA are to be further detailed by Regulatory Technical Standards (“RTS”) and Implementing Technical Standards (“ITS”), aimed at harmonizing requirements and facilitating implementation;

On June 19, 2023, the European Supervisory Authorities (“ESAs”)[1] published the first batch of drafts on RTS and ITS under DORA, providing detail to certain obligations around:

  • ICT security tools, policies and procedures;
  • Policies on the use of third-party ICT services concerning critical or important functions;
  • Criteria for the classification of ICT-related incidents; and
  • Register of agreements with third-party ICT service providers.
