The European Banking Authority (EBA) published its final Guidelines on ICT and security risk management. These Guidelines establish requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) and security risks and aim to ensure a consistent and robust approach across the EU market.