Today, two Commission Delegated Regulations supplementing Regulation (EU) 2022/2554 (Digital Operational Resilience Act, DORA) were published on the Official Journal of the EU.
- Delegated Regulation (EU) 2024/1502 complements DORA by specifying the criteria for designating third-party ICT service providers as critical for financial entities.
- Delegated Regulation (EU) 2024/1505 complements the DORA by determining the amount of oversight fees to be charged by the lead oversight authority to critical third-party ICT service providers and the manner of payment.
As far as the next steps are concerned, both regulations enter into force on the 20th day following their publication in the Official Journal of the EU. However, in the framework of Delegated Regulation (EU) 2024/1502, the lead supervisory authority applies sub-criterion 1.4 of Art. 2(5)(b) as of 16 January 2025.
Sources:
Delegated Regulation (EU) 2024/1502 is available here, and Delegated Regulation (EU) 2024/1505 is available here.
Write a comment