Grace Connect

News & Announcements

GRACE CONNECT sarl 08/12/2023

Update on DORA Regulation

The European Supervisory Authorities (ESAs) have launched on December 8th a joint consultation on the second batch of polices mandates under the Digital Operational Resilience Act (DORA).

This latest package includes new draft regulatory technical standards (RTS), implementing technical standards (ITS), and Guidelines, aiming to create a consistent legal framework for ICT-related incident reporting, Operational Resilience Testing and ICT third-party risk management.

Key Components of the Second Batch

  • 4 RTS on incident reporting, subcontracting of critical functions, oversight harmonization, threat-led penetration testing (TLPT).
  • 1 ITS on the standard forms, templates and procedures to report a major incident and to notify a significant cyber threat.
  • 2 set of Guidelines on aggregated costs from major incidents and oversight cooperation between the ESAs and the competent authorities.

Next Steps and Resources

  • DORA, entered into force in January 2023 and set to be effective from January 2025, aims to fortify the digital operational resilience across the EU financial sector.
  • The ESAs anticipate submitting the draft standards and issuing guidelines by July 17, 2024

Consultation Details

  • Stakeholders can contribute until March 4th, 2024, providing insights on incident reporting, subcontracting ICT services, oversight cooperation, and more via the ESAs consultation page.
  • Practical details on the consultation process and related documentation at

At Grace Connect Sarl, we're proactively supporting our clients to navigate the DORA compliance journey.
Reach out for comprehensive support and detailed insights on how to navigate upcoming regulatory changes.

Read more