Springlex presents tech and finance legislation from the EU in an accessible and navigable format – for a better legal research experience.
Packages
High common level of cybersecurity (“NIS 2”)
Horisontal legislation to achieve a high common level of cybersecurity for services, establishing national capabilities, cooperation at a EU level, and risk-management measures for entities.
2
legal acts
View documents
Digital operational resilience act (“DORA”)
Comprehensive legislation on various cyber security topics including an oversight framework for service providers, applies to nearly all types of financial entities in the EU.
10
legal acts
2
drafts
View documents
Basic legislative acts
ICT risk management
ICT-related incidents
- Commission Delegated Regulation (EU) 2025/301 RTS on incident reporting
- Commission Delegated Regulation (EU) 2024/1772 RTS on incident classification
- Commission Implementing Regulation (EU) 2025/302 ITS on templates for incident reporting
Digital operational resilience testing
ICT third-party service providers
- Commission Delegated Regulation (EU) 2024/1773 RTS on ICT third-party service provider policy
- Commission Delegated Regulation (EU) 2025/nnn RTS on subcontracting ICT services
- Commission Implementing Regulation (EU) 2024/2956 ITS on register of information
Oversight framework