ESAs publish first DORA major ICT incident report
The EBA, EIOPA and ESMA published the first annual overview of major ICT-related incidents in the EU financial sector under DORA.
The inaugural DORA incident report highlights that ICT risks in EU finance are increasingly borderless and interconnected. It signals that supervisors now have systemic visibility into incident frequency, severity and contagion, raising the bar for incident detection, classification and reporting.
The report establishes a baseline for supervisory expectations on operational resilience and shapes future thematic reviews and enforcement priorities under DORA.
Action Required
Benchmark internal ICT incident profile against ESA findings and reassess third-party concentration and cross-border ICT risk controls.
The first systemic EU-wide view of ICT incidents under DORA will drive supervisory scrutiny and benchmarking across financial entities.
ICT and third-party resilience risk is elevated. Review DORA incident classification, reporting timelines and concentration exposures against ESA findings; update RCSA controls for cross-border ICT dependencies.
“The European Supervisory Authorities (EBA, EIOPA and ESMA) today published their first annual overview of major ICT-related incidents in the EU financial sector based on the DORA reporting mechanism, noting ICT risks are increasingly borderless and interconnected.”
Published: 2026-06-03