Supervision release 20 May 2025 – 31/2025

European Banking Authority Guidelines amending Guidelines EBA/2019/04 on information and communication technology (ICT) and security risk management (EBA/GL/2025/02) – applicable from 20.5.2025

The European Banking Authority (EBA) has issued Guidelines EBA/GL/2025/02 amending the Guidelines on information and communication technology (ICT) and security risk management (EBA/2019/04).

The Financial Supervisory Authority has confirmed that it will comply with the Guidelines.

In accordance with Article 16(3) of the EBA Regulation¹ the supervised entities shall make every effort to comply with the EBA/ESMA/EIOPA Guidelines.

Subject matter

Overlaps with the DORA Regulation ((EU) 2022/2554) are eliminated from EBA/2019/04.

Date of application

The Guidelines will apply from 20 May 2025.

For further information, please contact

Pasi Korhonen, Chief Specialist, telephone +358 9 183 5514 or pasi.korhonen(at)fiva.fi

Appendix

EBA guidelines

European Banking Authority Guidelines amending Guidelines EBA/2019/04 on information and communication technology (ICT) and security risk management (EBA/GL/2025/02) – applicable from 20.5.2025

Subject matter

Date of application

For further information, please contact

Appendix

See also