EU Commission Delegated Regulation 2024/1774 of 13 March 2024 supplements Regulation (EU) 2022/2554 (DORA) by specifying regulatory technical standards (RTS) that detail ICT risk management tools, methods, processes, and policies for financial entities. This Regulation harmonizes ICT risk management requirements across financial sectors by identifying key elements for both the standard ICT risk management framework and a simplified ICT risk management framework designed for smaller or less complex entities such as small investment firms and certain exempted payment and electronic money institutions. The simplified framework under Article 16 of DORA includes fewer and less detailed requirements but still mandates documented policies, periodic reviews, and controls to preserve data availability, integrity, and confidentiality proportionate to the entity’s risk profile, size, and complexity. The RTS integrates existing European and international ICT security standards to facilitate implementation and supervision, ensuring coherence between the full and simplified frameworks while maintaining operational resilience against ICT risks and cyber threats.
Publication's URL
URL: https://eur-lex.europa.eu/eli/reg_del/2024/1774/oj/eng
Publication's scorecard
Country: EU
Scope: Cyber
Typology: Regulation
Publication's date: March 13, 2024
Category: Cyber Resilience
Sector: Finance
Rating: