Legislation European legislation 24/03/2025 Commission Delegated Regulation (EU) 2025/532 of 24 March 2025 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the elements that a financial entity has to determine and assess when subcontracting ICT services supporting critical or important functions 29/11/2024 Commission Implementing Regulation (EU) 2024/2956 with regard to standard templates for the register of information (DORA Art. 28.9) 24/10/2024 Commission Delegated Regulation (EU) 2025/295 with regard to regulatory technical standards on harmonisation of conditions enabling the conduct of the oversight activities (DORA Art. 41(a)(b)(d)) 23/10/2024 Commission Implementing Regulation (EU) 2025/302 laying down implementing technical standards with regard to the standard forms, templates, and procedures for financial entities to report a major ICT-related incident and to notify a significant cyber threat (DORA Art. 20(b)) 23/10/2024 Commission Delegated Regulation (EU) 2025/301 with regard to regulatory technical standards specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT-related incidents, and the content of the voluntary notification for significant cyber threats (DORA Art. 20(a)) 13/03/2024 Commission Delegated Regulation (EU) 2024/1772 with regard to regulatory technical standards specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents (DORA Art. 18.3) 13/03/2024 Commission Delegated Regulation (EU) 2024/1773 with regard to regulatory technical standards specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers (DORA Art. 28.10) 13/03/2024 Commission Delegated Regulation (EU) 2024/1774 with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework (DORA Art. 15 and 16) 22/02/2024 Commission Delegated Regulation (EU) 2024/1505 on the amount of the oversight fees to be charged by the Lead Overseer to critical ICT third-party service providers and the way in which those fees are to be paid (DORA Art. 43.2) 22/02/2024 Commission Delegated Regulation (EU) 2024/1502 on the criteria for the designation of ICT third-party service providers as critical for financial entities (DORA Art. 31.8) 14/12/2022 Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 Circulars, communications and handbooks Communications 15/06/2026 FSMA_2026_15 Impact of 'Frontier AI systems' on cyber risk(pdf - 395.92 KB ) Files Impact of 'Frontier AI systems' on cyber risk (pdf - 395.92 KB)
