NLD AFM DORA ICT-Related Incidents

On Jun. 27, NLD AFM issued DORA update on ICT-related incidents.

  • NLD AFM issued fourth update explaining substantive aspects of the Digital Operational Resilience Act (DORA), with focus on discussion of ICT-related incidents.
  • Follows NLD AFM Apr. 2024 made recommendations on ICT security, see #209088.
  • ICT-Related Incidents
  • Important that ICT-related incidents are adequately detected and handled.
  • Requires a robust management process, consistent classification and registration, and reporting to the regulator; contributes to greater digital resilience of companies.
  • DORA update examines management of ICT incidents, classification and registration of ICT incidents, and reporting of serious ICT incidents and significant cyber threats.
  • Requirements applicable to ICT-related incidents described in Chapter III (Art. 17-23).
  • Some requirements elaborated in the regulatory technical standard (RTS) for Art. 15, 18(3), 20(a) and implementing technical standard (ITS) for Art. 20(b).
  • Regulation Supervision
  • Companies have until Jan. 2025 to comply with DORA regulations.
  • DORA will then officially apply: NLD AFM and NLD DNB will supervise the regulation.
  • DORA-related requirements from existing legislation already apply to some companies.
  • In Jul. 2024, NLD AFM published checklist for companies on DORA rules, see #218362.
  • In Sep. 2024, NLD AFM published the fifth DORA update on testing, see #169643.

Regulators NLD AFM
Entity Types Bank; IA; Inv Co
Reference PR, 6/27/2024; DORA Dir 2022/2556, Reg 2022/2554
Functions BCS; Compliance; Cyber; Financial; Legal; Operations; Technology
Countries Netherlands
Category
State
Products Banking; Fund Mgt; Securities
Regions EMEA
Rule Type Final
Rule Date 6/27/2024
Effective Date 1/1/2025
Rule Id 217474
Linked to Rule :209088
Reg. Last Update 6/27/2024
Report Section EU

Last substantive update on 07/02/2024