EBA - Operational resilience policy products
EBA page with DORA regulatory products and operational updates.
- Regulation: DORA
- Issuer: EBA
- Official source: https://www.eba.europa.eu/regulation-and-policy/operational-resilience
Operational resilience
Operational resilience is defined as the ability of an institution to deliver critical operations through disruption. This builds on the prudential operational risk framework, encompassing internal governance, outsourcing, business continuity and relevant risk management-related aspects. Such ability enables an institution to identify and protect itself from threats and potential failures, to respond and adapt to disruptive events, and to recover and learn from them, in order to minimise their impact on the delivery of critical operations. EU legislation on digital operational resilience for the financial sector (DORA) sets targeted rules for institutions on ICT risk-management capabilities, incident reporting, digital operational resilience testing and ICT third-party risk monitoring. The ESAs are delivering a number of policy products in the areas of ICT risk management, major ICT-related incident reporting, testing, and monitoring of ICT third-party risk, aiming to ensure the consistent harmonisation of the DORA requirements.
Documents
- Request for advice to the ESAs regarding designation criteria and fees for the DORA oversight framework
- ESAs Public Statement on DORA application
Links
- More on EBA's work on DORA
- Status of implementation of DORA
- DORA Regulation
- DORA Directive
- Investment firms
- Recovery, resolution and DGS
- Supervisory Review and Evaluation Process (SREP) and Pillar 2
Technical Standards, Guidelines & Recommendations
Technical standards
Final draft RTS/ITS adopted by the EBA and submitted to the European Commission
Joint Regulatory Technical Standards on the criteria for determining the composition of the joint examination team (JET)
Adopted and published in the Official Journal of the EU
Implementing Technical Standards to establish the templates for the register of information
Adopted and published in the Official Journal of the EU
Regulatory Technical Standards on the policy on ICT services supporting critical or important functions provided by ICT third-party service providers
Adopted and published in the Official Journal of the EU
Regulatory Technical Standards on criteria for the classification of ICT-related incidents
Adopted and published in the Official Journal of the EU
Regulatory Technical Standards on ICT risk management framework and on simplified ICT risk management framework
Final draft RTS/ITS adopted by the EBA and submitted to the European Commission
Joint Regulatory Technical Standards specifying elements related to threat led penetration tests
Adopted and published in the Official Journal of the EU
Joint Technical Standards on major incident reporting
Final draft RTS/ITS adopted by the EBA and submitted to the European Commission
Joint Regulatory Technical Standards on subcontracting ICT services supporting critical or important functions
Adopted and published in the Official Journal of the EU
Joint Regulatory Technical Standards on the harmonisation of conditions enabling the conduct of the oversight activities
ESAs Joint Committee Technical standards under the Digital Operational Resilience Act (DORA)
Guidelines
Final and translated into the EU official languages
Joint Guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities
Final and translated into the EU official languages
Joint Guidelines on estimation of aggregated annual costs and losses caused by major ICT-related incidents
Final and translated into the EU official languages
Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP)
Final and translated into the EU official languages
Guidelines for institutions and resolution authorities on improving resolvability
Final and translated into the EU official languages
Guidelines on internal governance for investment firms
Under consultation
Guidelines on outsourcing arrangements
Final and translated into the EU official languages
Guidelines on ICT and security risk management
Final and translated into the EU official languages
Guidelines on ICT Risk Assessment under the SREP
Final and translated into the EU official languages
Guidelines on necessary services
Final and translated into the EU official languages
Guidelines on measures to reduce or remove impediments to resolvability
Opinions, Reports and other Publications
Opinions
7 March 2025
ESAs Joint Committee Opinion on the rejection of the RTS on subcontracting under DORA
15 October 2024
Opinion of the ESAs on the rejection of the ITS on RoI under DORA
15 October 2024
ESAs proposals for further changes to the ITS on RoI
15 October 2024
ESAs proposals for further changes to the Annex of the ITS on RoI
Decisions
29 January 2025
ESAs Decision on reporting of information for CTPP designation (corrigendum consolidated)
29 January 2025
ESAs Decision on reporting of information for CTPP designation (corrigendum)
15 November 2024
ESA 2024 22 Decision on reporting of information for CTPP designation
15 November 2024
Draft validation rules for DORA reporting of RoI
Reports
17 January 2025
Joint Report on the feasibility for further Centralisation of reporting of major ICT incidents
17 December 2024
ESA 2024 35 DORA Dry Run exercise summary report
27 September 2023
ESA 2023 22 - ESAs report on the landscape of ICT TPPs.pdf
ESAs Report on the landscape of ICT third-party providers in the EU
Other publications
14 January 2026
Memorandum of Understanding on DORA oversight of critical ICT third-party service providers in EU and UK
14 January 2026
ESAs targeted equivalence assessment of DORA confidentiality and professional secrecy regimes
15 July 2025
Guide on DORA oversight of critical third-party providers activities
18 February 2025
Roadmap towards the designation of CTPPs under DORA
17 July 2024
The Systemic Cyber Incident Coordination Framework: EU-SCICF
5 June 2024
Memorandum of Understanding on cooperation between the ESA and ENISA
29 September 2023
Joint-ESAs’ response to the Call for advice on the designation criteria and fees for the DORA oversight framework