The EBA narrowed down the scope of the existing guidelines on ICT and security risk management measures, due to the application of harmonised ICT risk management requirements under DORA.