Consultation documents and proposals

Commission Delegated Regulation (EU) 2024/1502 of 24 October 2024 (external link) supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards on harmonisation of conditions enabling the conduct of the oversight activities
Commission Delegated Regulation (EU) 2024/1502 of 23 October 2024 (external link) supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the content and time limits for the initial notification of, and intermediate and final report on, major ICT related incidents, and the content of the voluntary notification for significant cyber threats
Draft regulatory technical standard on the harmonisation of conditions enabling the conduct of the oversight activities (external link) under Article 41(1)(c) of Regulation (EU) 2022/2554
Draft Implementing Technical Standards on the standard templates for the purposes of the register of information (external link) in relation to all contractual arrangements on the use of ICT services provided by ICT third-party service providers under Article 28(9) of Regulation (EU) 2022/2554
Draft Regulatory Technical Standards to specify the elements which a financial entity needs to determine and assess (external link) when subcontracting ICT services supporting critical or important functions as mandated by Article 30(5) of Regulation (EU) 2022/2554
Draft Regulatory Technical Standards specifying elements related to threat led penetration tests (external link) under Article 26(11) of Regulation (EU) 2022/2554
Joint Guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents under Regulation (EU) 2022/2554 (external link)