EBA Amends ICT Risk Guidelines for DORA
The EBA amended its ICT and security risk management guidelines due to DORA. The guidelines now apply only to entities covered by DORA (credit institutions, payment institutions, etc.) and focus solely on payment service user relationship management. PSD2 security and operational risk requirements still apply to other payment service providers not under DORA.