EU DORA RTS - ICT-related incident classification

Sets out the criteria and materiality thresholds for the classification of ICT-related, security payment-related and operational incidents at financial institutions. Ensures that the size and overall risk profile and the nature, scale and complexity of the financial entity is reflected in both threshold and criteria.

Rule Overview

Jurisdiction: European Union

Regulator: ESMA

Topic: Resilience

Overview

Notable

Latest News

Includes provisions for information sharing arrangements between competent authorities and EU level regulators.

Article 1

Clients, financial counterparts and transactions

Article 2

Reputational impact

Article 3

Duration and service downtime

Article 4

Geographical spread

Article 5

Data losses

Article 6

Criticality of services affected

Article 7

Economic impact

Article 8

Major incidents

Article 9

Major incident materiality threshold

Article 10

High materiality threshold for significant cyber threats

Article 11

Relevance of major incidents to competent authorities

Article 12

Details of major incidents to be shared with other competent authorities

Notable

Regulation

DORA: Financial entities enter the twilight zone between financial services regulation and cybersecurity

January 15, 2024

Overview of the new regulation on digital operational resilience (DORA) for the financial sector in Sweden and other EU countries.

Philip Heilbrunn | Eversheds Sutherland, Sara Malmgren | Eversheds Sutherland, Mattias Dacker | Eversheds Sutherland9 min read

Technology

Taming the DORA dragon

June 26, 2024

An interdisciplinary approach between firms and their service providers is crucial to successfully "tame" DORA says PJ Di Giammarino of JWG.

PJ Di Giammarino | JWG5 min read

Regulation

EU deploys DORA to strengthen cyber resilience of the financial sector

November 14, 2022

Two new sets of rules aim to bolster cybsersecurity.

Thomas Hyrkiel3 min read

Regulation

DORA: Financial entities enter the twilight zone between financial services regulation and cybersecurity

Technology

Taming the DORA dragon

Regulation

EU deploys DORA to strengthen cyber resilience of the financial sector

Latest News

The quiet calculus of settlement: How compliance teams decide when to fight and when to fold

REMIT II in action: The enforcement era begins

SEC enforcement highlights valuation risks in affiliated loan transactions

Latest News

CFTC rejects “regulation by enforcement” while touting muscular enforcement plan

Community health clinics receive 90% patient satisfaction rates, but face funding cliff

DOL unveils 'historic' proposal to allow alternative investments in 401(k)s

Latest News

FINRA launches Financial Intelligence Fusion Center

Sweden sees surge in fraudulent trading platforms

Crossborder data flows in Africa: regulation, risk, and the rise of sovereignty

Latest News

Regulators and industry signal data revolution to end compliance whack-a-mole approach

The future of UK cybersecurity

Framing the Issue: A US strategic bitcoin reserve

Latest News

FINRA launches Financial Intelligence Fusion Center

Community health clinics receive 90% patient satisfaction rates, but face funding cliff

The quiet calculus of settlement: How compliance teams decide when to fight and when to fold

EU DORA RTS - ICT-related incident classification

Financial regulation 2.0: What EU regulatory evolution means for practitioners

AK Jensen is Norway’s first crypto-asset service provider under MiCA

Demystifying the debate on the US CLOUD Act vs European/UK Data Sovereignty

Lietuvos Bankas sets out agenda for dialogue with financial sector

Iceland's Central Bank publishes priorities for financial market supervision

Ashurst Data Bytes 2026: Ready or not, increased cyber scrutiny is here

The EU's DORA: Strategic implications for third-party financial service providers

Building a resilient human firewall in UK financial services