29 April 2024

DORA Trifecta – Three Delegated Regulations Adopted By The Commission

Finance Malta


Finance Malta is a non-profit public-private initiative set up to promote Malta as an international financial centre, both within, as well as outside Malta. It brings together, and harnesses, the resources of the industry and government, to ensure Malta maintains a modern and effective legal, regulatory, and fiscal framework in which the financial services sector can continue to grow and prosper. The Board of Governors, together with the founding associations: The Malta Funds Asset Servicing Association, the Malta Bankers Association, the Malta Insurance Association, the Association of Insurance Brokers, the Malta Insurance Managers Association, the Institute of Financial Services Practitioners; its members and staff are all committed to promote Malta as an innovative international.

Three delegated regulations under the Regulation on digital operational resilience for the financial sector (Regulation (EU) 2022/2554 or “DORA”) have been adopted by the European Commission. These newly adopted regulations set out regulatory technical standards (“RTS”) which mainly focus on the management of ICT-related incidents, contractual relationships with ICT service providers, and ICT risk management tools including the simplified ICT management framework.

  • Classification of ICT-related Incidents and Cyber Threats: The first regulation (C(2024) 1519 final) establishes RTS that define the criteria for categorizing ICT-related incidents and cyber threats. It outlines materiality thresholds and specifies the requirements for reporting significant incidents. These RTS emanate from Article 18(4) of DORA, aiming to ensure a robust framework for identifying and addressing digital threats in the financial sector.
  • ICT Risk Management Tools and Framework: The second regulation (C(2024) 1532 final) lays down RTS for ICT risk management tools, methods, processes, and policies, including a simplified ICT risk management framework. Addressing mandates under Articles 15 and 16(3) of DORA, this regulation aims to provide financial entities with a comprehensive set of guidelines and tools for effective digital risk management.
  • Contractual Arrangements Policy with ICT Third-Party Service Providers: The third regulation (C(2024) 1531 final) details the RTS for the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions. This regulation, mandated by Article 28(10) of DORA, seeks to clarify and standardize the contractual obligations and expectations between financial entities and their ICT third-party service providers, enhancing the security and resilience of outsourced functions.

These Delegated Regulations will become effective 20 days following their publication in the Official Journal of the European Union. The adoption of these regulations marks yet another pivotal step in the EU's efforts to strengthen the digital resilience of its financial sector. The abovementioned regulations will now move to the European Parliament and to the Council of the EU for scrutiny. Pending no objections, these regulations will be formally published, representing a critical step forward in the EU's digital operational resilience strategy.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
