The Timeline
BEFORE SEPTEMBER 2016 | Existing Sectoral Guidance
Regulated firms expected to manage risk and to oversee their primary delegates. |
|---|---|
AFTER SEPTEMBER 2016 | Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks
Firms now have further guidance to help identify and manage ICT Risk within their existing Risk Management Framework. |
FEBRUARY 2019 | EBA Guidelines on outsourcing arrangements
Whilst not applicable to most Irish regulated firms at the time of publication, many adopted the guidelines as 'best practice.' |
JUNE 2020 | EBA Guidelines on ICT and security risk management
|
MAY 2021 | ESMA Guidelines on outsourcing to cloud service providers
Applicable to all regulated firms, these guidelines reinforce the need to conduct risk assessments which better reflect the complexity of arrangements with ICT service providers. |
DECEMBER 2021 | CBI Cross Industry Guidance on Outsourcing
Introduced a detailed and prescriptive set of requirements on how oversight and due diligence should be performed on third-parties, including technology providers.
CBI Cross Industry Guidance on Operational Resilience
Regulated firms are now required to map their interconnections and dependencies to ensure that their firms are operationally resilient in the case of disruption or outage. |
JANUARY 2023 | DORA Directive & Regulation entered into force
The DORA Regulation & Directive have been published, with further guidance issued in the form of Regulatory Technical Standards and Implementing Technical Standards ("RTS/ITS"). The final drafts of certain RTS/ITS have yet to be published. |
JANUARY 2025 | DORA Directive & Regulation Effective
Are you ready? |
Find out more: