On 8 December, the three European supervisory authorities, EBA, EIOPA and ESMA, published a consultation on the second round of technical standards for DORA. Two sets of draft guidelines were also presented.
The technical standards are intended to govern the format and timeframe for incident reporting, the use of subcontractors for important and critical functions, the conditions for the new oversight framework for critical third-party service providers and details for threat-led penetration testing. The draft guidelines aim to harmonise estimates of annual losses as a consequence of ICT-related incidents and cooperation between supervisory authorities.
The consultation will continue until 4 March 2024. The submission of the final technical standards and the adoption of the guidelines will take place on 17 July 2024.