Following the delegated acts package adopted on 22 February this year, the Commission has adopted today three new regulatory technical standards (RTSs).
The RTSs complement the EU regulatory frameworks on cybersecurity matters for the financial sector by specifying
- rules to classify cyber incidents
- rules to harmonise ICT risk management tools, methods, processes and security policies for the financial entities
- rules to establish the elements of risk that financial entities shall take into account when developing their policy on the use of ICT services supporting critical or important functions provided by ICT third-party service providers
Now it is for the European Parliament and the Council to scrutinise and adopt the acts.