17/07/2024

The three European Supervisory Authorities (EBA, EIOPA and ESMA – the ESAs) will establish the EU systemic cyber incident coordination framework (EU-SCICF), in the context of the Digital Operational Resilience Act (DORA), that will facilitate an effective financial sector response to a cyber incident that poses a risk to financial stability, by strengthening the coordination among financial authorities and other relevant bodies in the European Union, as well as with key actors at international level.

Over the coming months, the ESAs will kickstart the implementation of the framework by setting up:

  • the EU-SCICF Secretariat, supporting the functioning of the framework;
  • the EU-SCICF Forum, working on testing and maturing the functioning;
  • the EU-SCICF Crisis Coordination, facilitating during a crisis the coordination of actions by the participating authorities.

The ESAs will identify legal and other operational hurdles encountered during the initial set up and report these to the European Commission. The further development of the framework will be subject to the availability of resources and other measures taken by the European Commission.

Background

After identifying a shortfall in crisis management frameworks that could lead to a lack of financial sector coordination in the event of a significant cross-border information and communication technologies (ICT) incident, the European Systemic Risk Board (ESRB) recommended the ESAs to build on the role foreseen in the Digital Operational Resilience Act (DORA), and to gradually develop a pan-European systemic cyber incident coordination framework (EU-SCICF).