Question ID: DORA 226 - 3314
Regulation Reference: (EU) 2022/2554 - Digital Operational Resilience Act (DORA)
Topic: ICT risk management (DORA)
Article: N/A
Status: Rejected
Date of submission: 07 Apr 2025
Question
Are financial entities permitted to determine more than one risk tolerance level of ICT risk?
Background of the question
DORA itself uses the term risk tolerance level (singular). But the supplementing Delegated Regulation (EU) 2024/1774 uses both risk tolerance level (singular) and risk tolerance levels (plural). Thus, the question arises whether some or all financial entities are permitted or required to determine more than one risk tolerance level of ICT risk. References in the singular (risk tolerance level): Article 6(8)(b) and Article 5(2)(d) of Regulation (EU) 2022/2554; Article 3(1)(a), (c), (d) and Article 11(2)(f) of Delegated Regulation (EU) 2024/1774. References in the plural (risk tolerance levels): Article 3(2)(b) and Article 31(1)(a) and (c) of Delegated Regulation (EU) 2024/1774.
EIOPA answer
The question has been rejected because the question is seeking confirmation of a requirement already clearly set out in the regulation.