The European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) launched a public consultation on the first batch of policy products under the Digital Operational Resilience Act (DORA) in Juni 2023. This is to amend the DORA delegated acts on the ICT risk management framework, the criteria for classifying ICT-related incidents, the policy and the register of information in relation to ICT services performed by ICT third-party providers.
In its comments, the DK points out that the detailed requirements presented in the technical standards leave little room for proportional application. In addition, the implementation of the information register in the proposed form will require considerable resources to implement and fill it. A stronger alignment with already existing outsourcing registers would be desirable.
