Digital Operational Resilience Act (DORA), Article 19, Centralisation of reporting of major ICT-related incidents.
1. The ESAs, through the Joint Committee and in consultation with ECB and ENISA, shall prepare a joint report assessing the feasibility of further centralisation of incident reporting through the establishment of a single EU Hub for major ICT-related incident reporting by financial entities. The report shall explore ways to facilitate the flow of ICT-related incident reporting, reduce associated costs and underpin thematic analyses with a view to enhancing supervisory convergence.
2. The report referred to in the paragraph 1 shall comprise at least the following elements:
(a) prerequisites for the establishment of such an EU Hub;
(b) benefits, limitations and possible risks;
(c) elements of operational management;
(d) conditions of membership;
(e) modalities for financial entities and national competent authorities to access the EU Hub;
(f) a preliminary assessment of financial costs entailed by the setting-up the operational platform supporting the EU Hub, including the required expertise.
3. The ESAs shall submit the report referred to in the paragraph 1 to the Commission, the European Parliament and to the Council by xx 202x [OJ: insert date 3 years after the date of entry into force].