The European Banking Authority, together with the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority (collectively, the ESAs), has published a joint report under Article 21 of the Digital Operational Resilience Act (DORA) on whether major ICT-related incident reporting by financial entities could be further centralised. The study focuses on options for centralising how firms report major ICT-related incidents to competent authorities. Three models are assessed: the baseline model, a model with enhanced data-sharing arrangements, and a fully centralised model. The report considers potential reductions in burden and costs, alongside efficiency and effectiveness gains for cross-sector supervisory practices. The analysis draws on input from competent authorities and the ESAs’ Stakeholder Groups, was supported by an external IT strategy firm, and included consultation with the European Central Bank and the EU Agency for Cybersecurity (ENISA). The report has been submitted to the European Parliament, the European Council and the European Commission for consideration in potential future developments on further centralisation of major ICT-related incident reporting in the financial sector.
European Banking Authority 2025-01-17
European Banking Authority, EIOPA and ESMA publish report assessing further centralisation of major ICT incident reporting under DORA
The European Banking Authority, European Insurance and Occupational Pensions Authority, and European Securities and Markets Authority published a joint report on centralising major ICT-related incident reporting by financial entities under the Digital Operational Resilience Act. The report evaluates three centralisation models, considering efficiency gains and cost reductions. It has been submitted to the European Parliament, European Council, and European Commission for future consideration.