Seðlabanki Íslands | Sameiginlegar viðmiðunarreglur EBA, ESMA og EIOPA um áætlaðan kostnað og tap af völdum alvarlegra atvika tengd upplýsinga- og fjarskiptatækni samkvæmt DORA (JC 2024 34)
The update addresses operational resilience and incident reporting requirements for financial institutions across banking, securities, and insurance sectors, but lacks specific product/service focus and instead emphasizes cross-sectoral regulatory compliance frameworks.
Low confidence — REQUIRES HUMAN REVIEW. The guidelines apply broadly to credit institutions and investment firms across multiple sectors; this is a horizontal operational resilience directive rather than a product-specific update, making traditional taxonomy classification challenging.
Specialism
The update directly addresses DORA incident cost reporting and operational resilience frameworks, establishing standardized methodologies for financial institutions to calculate and report losses from serious digital incidents.
Mandatory inheritance: Operational Resilience is a child of Supervision, so Supervision must be raised as the secondary tag.
2026-03-06 09:13:47·adavies@vixio.com
Meta Id
2937410
GUID
6509e95beb48d29360dfa5dd9e68a193
Pipeline Progress
🔄 Pipeline Journey
⏱
8s
total
✓
Queued09:13:38
+0s
✓
Metadata09:13:38
+1s
✓
S3 Content09:13:39
+0s
✓
Extracted09:13:39
+3s
✓
LLM Gen09:13:42
+4s
✓
Stored09:13:46
TITLE: Iceland's Central Bank Publishes Joint Guidelines on Digital Operational Resilience Act Incident Costs
BODY:
On March 4, 2026, Seðlabanki Íslands (Central Bank of Iceland) published joint guidelines developed by the European Banking Authority (EBA), European Securities and Markets Authority (ESMA), and European Insurance and Occupational Pensions Authority (EIOPA) concerning estimated costs and losses arising from serious incidents related to information and communication technology under the Digital Operational Resilience Act (DORA).
The guidelines, issued as Circular 8/2026, establish common reference standards for financial institutions operating across the European Union and European Economic Area to calculate and report the estimated financial impact of significant digital operational incidents. These joint guidelines aim to ensure consistent application of DORA requirements across banking, securities, and insurance sectors, promoting harmonised approaches to incident cost assessment and loss quantification. The guidelines address how financial institutions should estimate both direct and indirect costs resulting from serious information and communication technology incidents, supporting regulatory reporting obligations and operational resilience frameworks established under DORA.
Financial institutions subject to DORA requirements should review these guidelines to ensure compliance with the standardised cost and loss estimation methodologies. The guidelines are applicable to credit institutions, investment firms, and other regulated financial entities operating in Iceland and across the EU/EEA. Institutions should implement the recommended approaches in their incident reporting and operational resilience frameworks accordingly.
**Reference:**
Seðlabanki Íslands – Circular 8/2026