DORA: the European Commission has published a delegated acts project
On January 17 2024, the three European Supervisory Authorities (EBA, EIOPA and ESMA) published the first set of definitive draft technical standards under the Digital Operational Resilience Act (DORA) aimed at enhancing the digital operational resilience of the EU financial sector by strengthening financial entities’ Information and Communication Technology (ICT) and third-party risk management and incident reporting frameworks.
On February 22 2024, the European Commission published a Commission Delegated Regulation (EU) supplementing DORA by specifying the criteria for the designation of ICT third-party service providers as critical for financial entities.
Article 1 specifies that supervisory costs borne by the EBA will be recovered.
Article 2 specifies how the annual supervisory fee will be determined for significant issuers of Asset Reference Tokens and E-Money Tokens
Article 3 specifies how fees are to be adjusted if there is a surplus or deficit.
Article 4 provides for the general modalities of payment of the EBA fees.
Article 5 provides for the reimbursement of competent authorities if they undertake supervisory tasks allocated to them by the EBA.
Article 6 sets the date of entry into force of the delegated act.