The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) published today a report on the feasibility of further centralisation in the reporting of major ICT-related incidents by financial entities according to Article 21 of the Digital Operational Resilience Act (DORA).

In line with the DORA mandate, the ESAs’ joint report explores the potential for further centralisation regarding financial entities’ reporting of major ICT-related incidents to competent authorities.

The report assesses the feasibility of three different models: the baseline model, a model with enhanced data sharing arrangements and a fully centralised model. It considers the potential burden and cost reductions, as well as the efficiency and effectiveness gains that each model would bring for cross-sector supervisory practices.

Next steps

The joint report has been submitted to the European Parliament, the European Council and the European Commission, which will consider its findings for potential future developments in relation to the further centralisation of major ICT-related incident reporting in the financial sector.