Skip to content
Home / Function (NIST CSF 2.0) / RC - Recover / Cyber Resilience

EU Commission Delegated Regulation 2024/1774 of 13 March 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

This document focuses on:

EU Commission Delegated Regulation 2024/1774 of 13 March 2024 supplements Regulation (EU) 2022/2554 (DORA) by specifying regulatory technical standards (RTS) that detail ICT risk management tools, methods, processes, and policies for financial entities. This Regulation harmonizes ICT risk management requirements across financial sectors by identifying key elements for both the standard ICT risk management framework and a simplified ICT risk management framework designed for smaller or less complex entities such as small investment firms and certain exempted payment and electronic money institutions. The simplified framework under Article 16 of DORA includes fewer and less detailed requirements but still mandates documented policies, periodic reviews, and controls to preserve data availability, integrity, and confidentiality proportionate to the entity’s risk profile, size, and complexity. The RTS integrates existing European and international ICT security standards to facilitate implementation and supervision, ensuring coherence between the full and simplified frameworks while maintaining operational resilience against ICT risks and cyber threats.


Publication's URL

https://eur-lex.europa.eu/eli/reg_del/2024/1774/oj/eng

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *