ESAs Consultation

FESE response to the ESAs consultation on the DORA second batch policy products

Cybersecurity | 5 Mar 24

FESE welcomes the opportunity to contribute its views to the ESAs consultation papers on the second batch of DORA policy products. The consultation papers cover:

  • RTS and ITS on content, timelines and templates for incident reporting,
  • GL on aggregated costs and losses from major incidents,
  • RTS on subcontracting of critical functions,
  • RTS on oversight harmonisation,
  • GL on oversight cooperation between ESAs and competent authorities,
  • RTS on threat-led penetration testing (TLPT).

FESE supports the incorporation of the proportionality principle and believes it should be fully respected concerning trading venues. Concerning the RTS on subcontracting, FESE considers that the expected level of monitoring by the financial entity of subcontractors is too high, making it disproportionate and challenging to implement. The RTS on threat-led penetration generally reflect the main aspects of the TIBER-EU framework, however, we believe some adjustments are necessary with regard to timelines for the testing process and the metrics for external testers, among other aspects as outlined in the FESE response.