ESAs Public Workshops on DORA Level 2

Just to flag that the European Supervisory Authorities (ESAs) are planning to organize two public workshops on the Level 2 of DORA.

?It is not yet confirmed, but it seems that the first workshop will be organized on 6 February 2023.

• The first session will be dedicated to cover the Level 2 of DORA that has to be adopted by 17 January 2024. Level 2 articles of DORA with the first deadline (within 12 months) are:
• RTS on harmonisation of ICT risk management (Article 15);
• RTS on simplified ICT risk management framework (Article 16);
• RTS on criteria for the classification of ICT-related incidents (Article 18);
• ITS to establish the templates for the register of information (Art 28.9);
• RTS to specify the policy on ICT services (Art 28.10).

The second session will be dedicated to cover the Level 2 of DORA that has to be adopted by 17 July 2024. Level 2 articles of DORA with the second deadline (within 18 months) are:

• Guideline on aggregating costs/losses caused by major ICT incidents (Article 11.11);
• RTS on reporting of major ICT-related incidents (Article 20);
• ITS to establish the reporting for major ICT-related incidents (Article 20);
• RTS to specific threat-led penetration testing aspects (Article 26);
• RTS on subcontracting critical or important functions (Article 30.5);
• Guideline on the structure of oversight (Article 32.7);
• RTS to specify information on oversight conduct (Article 41).

For more information, please contact our experts at PwC Switzerland

Philipp Rosenauer Alexandra Burns Philipp G?mperle Johannes Dohren Gabriela Tsekova