DORA: RTS & ITS

The Digital Operational Resilience Act (DORA) is a key regulatory framework introduced by the European Union to strengthen the IT security and operational resilience of financial entities. As part of its structure, DORA relies on RTS (Regulatory Technical Standards) and ITS (Implementing Technical Standards), which provide detailed guidance on compliance requirements. In this blog post, we’ve compiled a list of official RTS and ITS links to help financial institutions, ICT providers, and other stakeholders navigate the regulatory landscape more efficiently. Whether you’re preparing for audits or building a DORA-compliant framework, these resources are essential for staying aligned with EU expectations.

RTS on criteria for the classification of major ICT-related incidents (DORA article 18.3)

RTS on specifying the content and reporting timelines for major ICT-related incidents (DORA article 20(a))

ITS to establish the forms, templates and procedures for major ICT-related incident reporting (DORA article 20(b))

RTS on threat-led penetration testing (TLPT) (DORA article 26(11))

RTS to specify the policy on ICT services (DORA article 28.10)

ITS to establish the templates for the Register of information (DORA article 28.9)

RTS to specify elements when sub-contracting critical or important functions (DORA article 30.5)