The following three regulatory technical standards supplementing the Digital Operational Resilience Act have been published in the Official Journal of the European Union:
- RTS on the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents (Delegated Regulation 2024/1772).
- RTS specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers (Delegated Regulation 2024/1773).
- RTS specifying ICT risk management tools, methods, processes and policies and the simplified ICT risk management framework (Delegated Regulation 2024/1774).
The Delegated Regulations will enter into force on July 15, 2024, the twentieth day following their publication in the Official Journal.
[View source.]