The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today a report on the feasibility of further centralisation in the reporting of major ICT-related incidents by financial entities according to Article 21 of the Digital Operational Resilience Act (DORA).
In line with the DORA mandate, the ESAs’ joint report explores the potential for further centralisation regarding financial entities’ reporting of major ICT-related incidents to competent authorities.
The report assesses the feasibility of three different models: the baseline model, a model with enhanced data sharing arrangements and a fully centralised model. It considers the potential burden and cost reductions, as well as the efficiency and effectiveness gains that each model would bring for cross-sector supervisory practices.
Next steps
The joint report has been submitted to the European Parliament, the European Council and the European Commission, which will consider its findings for potential future developments in relation to the further centralisation of major ICT-related incident reporting in the financial sector.
Background
The report, prepared jointly by the ESAs in accordance to Article 21 of DORA, is based on input received from Competent Authorities and the ESAs’ Stakeholders Groups. The ESAs also drew on the expertise of a renowned IT strategy firm and consulted the ECB and ENISA while drafting the report.