EU | Final Draft | Final Report
RTS on ICT Risk Management (Final)
Final Report – Draft Regulatory Technical Standards to further harmonise ICT risk management tools, methods, processes and policies as mandated under Articles 15 and 16(3) of Regulation (EU) 2022/2554
Abstract
Final draft Regulatory Technical Standards specifying detailed and harmonised requirements for ICT risk management frameworks under DORA, including ICT security policies, access controls, detection and response mechanisms, business continuity, recovery planning, and reporting, as well as a simplified framework for smaller financial entities.
Key Takeaways
- Defines detailed ICT security policies, procedures and technical controls required under Articles 15 and 16(3) of DORA.
- Introduces harmonised requirements for detection, incident response, business continuity, and recovery testing.
- Establishes structured documentation and reporting for ICT risk management framework reviews.
- Applies proportionally, with a simplified ICT risk framework for small and less complex entities.
- Intended to apply from 17 January 2025 after Commission adoption.
Keywords
RTS, DORA, ICT risk, Article 15, Article 16, JC 2023 86, digital operational resilience