The European Banking Authority, the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority published a joint report under Article 21 of the Digital Operational Resilience Act assessing whether financial entities’ reporting of major ICT-related incidents to competent authorities could be further centralised. The report compares three models: a baseline model, a model with enhanced data-sharing arrangements, and a fully centralised model. It considers the potential for reduced burden and costs for reporting entities and authorities, alongside possible gains in efficiency and effectiveness for cross-sector supervisory practices. The analysis draws on input from competent authorities and the ESAs’ Stakeholder Groups, an external IT strategy firm’s expertise, and consultations with the European Central Bank and the EU Agency for Cybersecurity. The report has been submitted to the European Parliament, the European Council and the European Commission, which will consider the findings for potential future developments on further centralising incident reporting in the financial sector.
European Securities and Markets Authority 2025-01-17
European Securities and Markets Authority and fellow European Supervisory Authorities assess options to further centralise DORA major ICT incident reporting
The European Banking Authority, European Insurance and Occupational Pensions Authority, and European Securities and Markets Authority released a joint report under the Digital Operational Resilience Act evaluating the centralisation of financial entities' ICT-related incident reporting. The report examines three models, highlighting potential reductions in reporting burdens and costs, and improvements in cross-sector supervisory efficiency. Findings have been submitted to the European Parliament, Council, and Commission for future consideration.