The Regulation on Digital Operational Resilience (DORA) gives the Commission the power to adopt delegated and implementing acts to specify how competent authorities and market participants need to comply with the obligations laid down in the regulation.
Latest
- 13 March 2024Adoption
- Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 with regard to regulatory technical standards specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents (not in force until it is published in the Official Journal)
- Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 with regard to regulatory technical standards specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers (not in force until it is published in the Official Journal)
- Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework (not in force until it is published in the Official Journal)
- Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 with regard to regulatory technical standards specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents (not in force until it is published in the Official Journal)
- 22 February 2024Adoption
- Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 by determining the amount of the oversight fees to be charged by the Lead Overseer to critical ICT third-party service providers and the way in which those fees are to be paid (not in force until it is published in the Official Journal)
- Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 by specifying the criteria for the designation of ICT third-party service providers as critical for financial entities (not in force until it is published in the Official Journal)
- Commission Delegated Regulation supplementing Regulation (EU) 2022/2554 by determining the amount of the oversight fees to be charged by the Lead Overseer to critical ICT third-party service providers and the way in which those fees are to be paid (not in force until it is published in the Official Journal)