DORA
RTS/ITS Deep Dive
Alle DORA RTS und ITS mit detaillierten Requirements, Status-Indikatoren und Implementierungsfortschritt.
Note: Die RTS/ITS-Checklisten basieren auf den veröffentlichten Delegierten Rechtsakten und technischen Durchführungsstandards (Stand 2026).
8 Requirements
6 Requirements
6 Requirements
4 Requirements
5 Requirements
5 Requirements
3 Requirements
5 Requirements
5 Requirements
9
RTS/ITS Categories
47
Total Requirements
6
RTS Instruments
3
ITS Instruments
Overall Implementation Progress
Completed:
Total:
RTS
RTS on Digital Operational Resilience Testing (Art. 24-25)
RTS 2024/1775
Category Progress
Evidence Checklist
| ID | Requirement | Scope | Evidence-Typ | Status | Done |
|---|---|---|---|---|---|
| RTS-TST-01 | Testprogramm nach Art. 24 Abs. 1 | All financial entities | Testing Policy | Required | |
| RTS-TST-02 | Risikobasierte Testfrequenz | All financial entities | Frequency Matrix | Required | |
| RTS-TST-03 | Testarten nach ICT-Asset-Klasse | All financial entities | Test Matrix | Required | |
| RTS-TST-04 | TLPT-Durchführung alle 3 Jahre (EE) | Systemically important | TLPT Report | Required | |
| RTS-TST-05 | Test Coverage — kritische Systeme | All financial entities | Coverage Report | Required | |
| RTS-TST-06 | Unabhängigkeit der Tester | Systemically important | Independence Declaration | Required | |
| RTS-TST-07 | Testdokumentation und Aufbewahrung | All financial entities | Test Archive | Required | |
| RTS-TST-08 | Management-Review der Testergebnisse | All financial entities | Review Minutes | Required |
RTS
RTS on Incident Classification (Art. 17-18)
RTS 2024/1774
Category Progress
Evidence Checklist
| ID | Requirement | Scope | Evidence-Typ | Status | Done |
|---|---|---|---|---|---|
| RTS-INC-01 | Incident-Klassifikation nach DORA-Kriterien | All financial entities | Classification Matrix | Required | |
| RTS-INC-02 | Initiale Meldung innerhalb 24h | All financial entities | Incident Log | Required | |
| RTS-INC-03 | Interim-Meldung nach 72h | All financial entities | Incident Log | Required | |
| RTS-INC-04 | Abschlussmeldung nach 1 Monat | All financial entities | Final Report | Required | |
| RTS-INC-05 | Schwellenwerte für schwerwiegende Vorfälle | All financial entities | Threshold Matrix | Required | |
| RTS-INC-06 | Kundenbenachrichtigung bei wesentlichen Vorfällen | All financial entities | Customer Notification Log | Required |
RTS
RTS on Subcontracting of Critical ICT Services (Art. 28-30)
RTS 2024/1776
Category Progress
Evidence Checklist
| ID | Requirement | Scope | Evidence-Typ | Status | Done |
|---|---|---|---|---|---|
| RTS-SUB-01 | Vorherige Genehmigung für Sub-Auslagerungen | All financial entities | Approval Record | Required | |
| RTS-SUB-02 | Risikoanalyse vor Sub-Auslagerung | All financial entities | Risk Assessment | Required | |
| RTS-SUB-03 | Vertragliche Anforderungen an Sub-Provider | All financial entities | Contract Clause | Required | |
| RTS-SUB-04 | Kontinuierliches Monitoring der Sub-Provider | All financial entities | Monitoring Report | Required | |
| RTS-SUB-05 | Sub-Provider Registerführung | All financial entities | Sub-Provider Register | Required | |
| RTS-SUB-06 | Exit-Strategie bei Sub-Provider-Ausfall | All financial entities | Exit Plan | Required |
ITS
ITS on Information Register Standardisation (Art. 28)
ITS 2024/1777
Category Progress
Evidence Checklist
| ID | Requirement | Scope | Evidence-Typ | Status | Done |
|---|---|---|---|---|---|
| ITS-REG-01 | Standardisiertes Informationsregister | All financial entities | Register Export | Required | |
| ITS-REG-02 | Registerspalten nach ITS-Vorgabe | All financial entities | Register Schema | Required | |
| ITS-REG-03 | Jährliche Aktualisierung | All financial entities | Update Log | Required | |
| ITS-REG-04 | Register-Abfragbarkeit für Aufsicht | All financial entities | Access Credentials | Required |
RTS
RTS on Threat Intelligence & Information Sharing (Art. 19-20)
RTS 2024/1778
Category Progress
Evidence Checklist
| ID | Requirement | Scope | Evidence-Typ | Status | Done |
|---|---|---|---|---|---|
| RTS-TI-01 | Threat Intelligence Gathering Framework | Large entities | Threat Intel Policy | Required | |
| RTS-TI-02 | Information Sharing Arrangements | All financial entities | Sharing Agreement | Required | |
| RTS-TI-03 | Threat Intelligence Quality Assessment | Large entities | Quality Metrics | Required | |
| RTS-TI-04 | Cross-Border Intelligence Sharing | Large entities | Cross-Border Protocol | Optional | |
| RTS-TI-05 | Automatisierte Bedrohungsanalyse | Large entities | Automation Report | Optional |
ITS
ITS on Penetration Testing Standards (Art. 24-25)
ITS 2024/1779
Category Progress
Evidence Checklist
| ID | Requirement | Scope | Evidence-Typ | Status | Done |
|---|---|---|---|---|---|
| ITS-PT-01 | Penetration Testing Methodology | All financial entities | Testing Methodology | Required | |
| ITS-PT-02 | Test Scope Definition | All financial entities | Scope Document | Required | |
| ITS-PT-03 | Vulnerability Classification | All financial entities | Classification Scheme | Required | |
| ITS-PT-04 | Remediation Tracking | All financial entities | Remediation Log | Required | |
| ITS-PT-05 | Test Report Standards | All financial entities | Report Template | Required |
RTS
RTS on Simplified ICT Risk Management Framework (Art. 4-5)
RTS 2024/1780
Category Progress
Evidence Checklist
| ID | Requirement | Scope | Evidence-Typ | Status | Done |
|---|---|---|---|---|---|
| RTS-RMF-01 | Simplified Risk Assessment Methodology | Small entities | Risk Methodology | Required | |
| RTS-RMF-02 | Proportional Control Framework | Small entities | Control Matrix | Required | |
| RTS-RMF-03 | Simplified Incident Reporting | Small entities | Incident Template | Required |
ITS
ITS on Threat-Led Penetration Testing (Art. 24-25)
ITS 2024/1781
Category Progress
Evidence Checklist
| ID | Requirement | Scope | Evidence-Typ | Status | Done |
|---|---|---|---|---|---|
| ITS-TLPT-01 | TLPT Threat Intelligence Input | Systemically important | Threat Intel Package | Required | |
| ITS-TLPT-02 | Red Team Testing Framework | Systemically important | Red Team Charter | Required | |
| ITS-TLPT-03 | Rules of Engagement (RoE) | Systemically important | RoE Document | Required | |
| ITS-TLPT-04 | TLPT-Ergebnisbericht und Maßnahmen | Systemically important | TLPT Findings Report | Required | |
| ITS-TLPT-05 | TLPT-Wiederholungsturnus (max. 3 Jahre) | Systemically important | Test Schedule | Required |
RTS
RTS on Digital Operational Resilience Framework (Art. 6-11)
RTS 2024/1782
Category Progress
Evidence Checklist
| ID | Requirement | Scope | Evidence-Typ | Status | Done |
|---|---|---|---|---|---|
| RTS-DOPS-01 | ICT-Risikomanagement-Rahmenwerk | All financial entities | ICT Risk Policy | Required | |
| RTS-DOPS-02 | Identifikation kritischer ICT-Dienste | All financial entities | Critical Services Register | Required | |
| RTS-DOPS-03 | ICT-Business-Continuity-Pläne | All financial entities | BCP Documentation | Required | |
| RTS-DOPS-04 | Backup- und Wiederherstellungsverfahren | All financial entities | Backup Policy | Required | |
| RTS-DOPS-05 | Operationale Resilienz-Kennzahlen | Large entities | KPI Dashboard | Optional |
Export Compliance Status
Download your implementation progress report
Referenzen
- RTS 2024/1775 — RTS on Digital Operational Resilience Testing (Art. 24-25)
- RTS 2024/1774 — RTS on Incident Classification (Art. 17-18)
- RTS 2024/1776 — RTS on Subcontracting of Critical ICT Services (Art. 28-30)
- ITS 2024/1777 — ITS on Information Register Standardisation (Art. 28)
- RTS 2024/1778 — RTS on Threat Intelligence & Information Sharing (Art. 19-20)
- ITS 2024/1779 — ITS on Penetration Testing Standards (Art. 24-25)
- RTS 2024/1780 — RTS on Simplified ICT Risk Management Framework (Art. 4-5)
- ITS 2024/1781 — ITS on Threat-Led Penetration Testing (Art. 24-25)
- RTS 2024/1782 — RTS on Digital Operational Resilience Framework (Art. 6-11)
- Alle RTS/ITS gelten ab 17. Januar 2025 direkt in den Mitgliedstaaten.