Belgium Financial Services and Markets Authority issues guidance on DORA ICT third-party register and major incident reporting

The Belgium Financial Services and Markets Authority (FSMA) has issued guidance on financial entities' obligations under the Digital Operational Resilience Act (DORA), effective from 17 January 2025. The document outlines requirements for maintaining an information register of ICT third-party service providers and reporting major ICT-related incidents.

Policy and regulationOperational risk and resilienceOutsourcing and third-party risk management

The Belgium Financial Services and Markets Authority (FSMA) has published a document clarifying financial entities’ obligations under the Digital Operational Resilience Act (DORA) to maintain an information register of ICT third-party service providers and to report major ICT-related incidents, following DORA’s application from 17 January 2025. The publication describes the scope of DORA for these purposes and sets out the specific rules financial entities should follow to comply with the register and incident-reporting requirements.

Original source View in tracker