Publication of the second wave of RTS and ITS under DORA

  • Determination of aggregated costs and losses for ICT-related incidents (Art. 11 para. 1 DORA)
  • Reporting of significant ICT-related incidents (Art. 20 lit. a), b) DORA)
  • Centralization of incident reporting (Art. 21 DORA)
  • Specification of threat lead penetration testing (Art. 26 para. 1 DORA)
  • Identification of critical / important ICT services (Art. 30 para. 5 DORA)

Further details on the legal acts can be found here.