After identifying a gap in crisis management frameworks that could lead to a lack of coordination in the financial sector during a significant cross-border incident related to information and communication technologies (ICT), the European Systemic Risk Board (ESRB) recommended that the European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) leverage the role outlined in the Digital Operational Resilience Act (DORA) to gradually develop a pan-European coordination framework for systemic cyber incidents (EU-SCICF).
In July 2023, as a first step towards implementing this recommendation, the ESAs, the European Central Bank (ECB), and the Member States, through their respective national competent authorities, designated a main point of contact for the EU-SCICF and informed the ESAs’ secretariat of this designation. This point of contact was created to facilitate the development of the framework and will be involved in the EU-SCICF crisis management process.
On July 17, 2024, the three European Supervisory Authorities announced in a joint communication the establishment of the EU Coordination Framework for Systemic Cyber Incidents (EU-SCICF), within the context of the Digital Operational Resilience Act (DORA).
This coordination framework aims to facilitate an effective response from the financial sector to cyber incidents that could threaten financial stability, enhancing coordination among financial authorities, other relevant EU bodies, and key international actors.
In the coming months, the ESAs will proceed with the implementation of the coordination framework for systemic cyber incidents through the creation of:
- The EU-SCICF Secretariat, which will support the functioning of the framework;
- The EU-SCICF Forum, which will work to test and refine the operations of the framework;
- The EU-SCICF Crisis Coordination, which will facilitate the coordination of actions by the participating authorities during a crisis.
The European Supervisory Authorities will identify and report to the European Commission any legal and operational obstacles encountered during the initial phase of the framework’s implementation.