We recently co-signed the Centre for Democracy & Technology Europe's civil society statement, which calls for enhanced and meaningful transparency from VLOP and VLOSE risk assessments as a mandatory facet of the Digital Services Act. Our shared statement first demands that VLOPs and VLOSEs publish detailed methodologies for their risk assessments, outlining precisely how they have been conducted, as well as their scope and the definitions that they adopt in regard to understanding systemic risks. We also call for a wider range of considerations that include: publishing the full list of risks that have been identified through assessment; publishing the full list of measures taken to address identified risks; and detailing, with full transparency, the involvement of internal departments and external stakeholders in the completion of all risk assessments. The statement and its co-signatories can be found in its entirety here: https://lnkd.in/eC52Vewq
AI Forensics’ Post
-
Good to finally have clarity about ICT services between FEs, which is bound to also affect intragroup ICT services in certain cases. A pity that such clarity was only provided after go-live.
Read our insights on the European Commission's latest guidance on the definition of 'ICT services' under DORA. With Pierre Berger and Pieter Van Noten.
-
It is a short 7 days until the final drafts of the Regulatory Technical Standards (RTSs) are set to be released to the general public by the European Supervisory Authorities (ESAs). In these the ESAs will focus on:
- Technical standards on content, timelines and templates on incident reporting
- Guidance on aggregated costs and losses from major incidents
- Technical standards on subcontracting of critical or important functions
- Technical standards on oversight on harmonization
- Oversight cooperation between ESAs and competent authorities
- Technical standards on threat-led penetration testing (TLPT)
It will be interesting to see the final text when it comes out, especially around the testing standards. With the need to be compliant by January 17th, 2025, it leaves less than 190 days to ensure your firm is ready. Head over to our blog to read more about how certain regulators are already making DORA a focus in their communications with the firms in their domain. https://lnkd.in/eMyXiBJY
Want to know more? Reach out to us via the contact us button and we will schedule some time to chat about how we can help your firm on their compliance journey.
-
This is a very useful piece, especially the initial diagram of the process and the point about the need to collect data and not just access data processed by the VLOPSEs.
Ulrike Klinger, Jakob Ohme and my piece on the draft delegated act for non-public data access in #DSA40 is now featured on Tech Policy Press! In it, we argue that for systemic risk mitigation to work, access must be reliable & accessible. The draft is a good start, but doesn't ensure these foundations of risk governance. Read here: https://lnkd.in/e9wrpC9u Do you agree? If so, you can still submit feedback until next Tuesday (10 December) - the more people call for a solid foundation for data access, the better! And while you're at it, make sure to follow our project, the DSA 40 Data Access Collaboratory!
-
-
Great contribution. Two of the biggest challenges are a) aligning risk appetites and company values to #AIIA, and b) aligning multiple reviews to reflect a).
Global data privacy professional, ever curious privacy & technology educator, digital rights advocate and GRC executive.
Algorithmic Impact Assessments - consistency, maturity missing
What challenges do technology, privacy and data governance practitioners face when implementing Algorithmic Impact Assessments, for example, the lack of standardisation on AIAs? The following paper, published by Amar Ashar and co-authors in the Journal of Online Trust and Safety, found that:
"Our research underscores the importance of framing AIAs not as checklists...but as dynamic tools that evolve in response to the unique challenges and needs of the practitioners who interact with them."
"We find that the challenges practitioners encounter can be grouped into three categories: technical and methods, infrastructure and operations, and resourcing and prioritization. We also describe ways for teams to more effectively mitigate concerns. This paper helps bridge gaps between the theory and practice of AIAs, advances a better understanding of the potential harms of algorithmic systems, and informs assessment practices to serve their intended purpose."
Here is the link: https://lnkd.in/gAwrA2Eu
-
We're less than three months away from DORA coming into effect for financial service and ICT organisations. In this e-guide, we cover what is included in the legislation, how it will impact your organisation, and what you can do to prepare. Read our E-guide here 👉 https://lnkd.in/eRGgWQNC
-
Very large online platforms and search engines to publish first risk assessment and audit reports under the Digital Services Act #DSA https://lnkd.in/d4aENQj4
-
The dry run aims to prepare financial entities for compliance with the Digital Operational Resilience Act (DORA) by testing their ability to create and submit a register of information on their contractual arrangements with ICT third-party providers.
Timeline: The dry run will occur in the second half of 2024, with a deadline for submission by August 30th.
Participants: All financial entities within the scope of DORA are encouraged to participate.
Support Provided: The ESAs will provide participants with tools and resources, including a draft data point model, CSV specifications, instructions, and an Excel template.
Feedback: Participants will receive individual feedback on their data quality and a cleaned register of information dataset. The ESAs will also publish a report with general findings and hold a workshop to share lessons learned.
Firm Implications:
- Preparation: Firms should start preparing their information registers now, using the tools and resources provided by the ESAs.
- Data Quality: Firms should focus on ensuring the accuracy and completeness of their data, as this will be a crucial focus of the dry run.
- Internal Processes: The dry run can help firms identify and improve their internal processes for collecting and managing ICT third-party provider data.
- Regulatory Compliance: Participation in the dry run will demonstrate a proactive approach to regulatory compliance and help firms prepare for the official DORA reporting requirements in 2025.
- Learning Opportunity: The feedback from the ESAs and the lessons learned workshop will provide valuable insights for firms to refine their approach to ICT risk management and operational resilience further.
Overall, the dry run presents a valuable opportunity for firms to test their readiness for DORA compliance and gain valuable feedback from regulators. By actively participating, firms can identify and address potential issues early, ensuring a smoother transition to the new regulatory framework.
#dora https://lnkd.in/gxS-6EYD
-
Watch on Demand
Gain vital insights with our "Managing Serious Contractor Incidents" webinar from our LinkSafe Legal series. Discover essential strategies for proactive preparation and legal risk management. Learn how to handle potential incidents involving contractors effectively and how to prepare for regulatory inquiries post-incident. Watch on demand now to safeguard your operations with confidence: https://ow.ly/HhSo50RbYJo