Version status: Applicable | Document consolidation status: No known changes
Published date: 27 December 2022

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance) (Digital Operational Resilience Act (DORA) / Regulation on digital operational resilience for the financial sector)

Recitals
Chapter I General provisions (arts. 1-4)
Entered into force
Article 1 Subject matter
Entered into force
Article 2 Scope
Entered into force
Article 3 Definitions
Entered into force
Article 4 Proportionality principle
Chapter II ICT risk management (arts. 5-16)
Section I (art. 5)
Entered into force
Article 5 Governance and organisation
Section II (arts. 6-16)
Entered into force
Article 6 ICT risk management framework
Entered into force
Article 7 ICT systems, protocols and tools
Entered into force
Article 8 Identification
Entered into force
Article 9 Protection and prevention
Entered into force
Article 10 Detection
Entered into force
Article 11 Response and recovery
Entered into force
Article 12 Backup policies and procedures, restoration and recovery procedures and methods
Entered into force
Article 13 Learning and evolving
Entered into force
Article 14 Communication
Entered into force
Article 15 Further harmonisation of ICT risk management tools, methods, processes and policies
Entered into force
Article 16 Simplified ICT risk management framework
Chapter III ICT-related incident management, classification and reporting (arts. 17-23)
Entered into force
Article 17 ICT-related incident management process
Entered into force
Article 18 Classification of ICT-related incidents and cyber threats
Entered into force
Article 19 Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
Entered into force
Article 20 Harmonisation of reporting content and templates
Entered into force
Article 21 Centralisation of reporting of major ICT-related incidents
Entered into force
Article 22 Supervisory feedback
Entered into force
Article 23 Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions
Chapter IV Digital operational resilience testing (arts. 24-27)
Entered into force
Article 24 General requirements for the performance of digital operational resilience testing
Entered into force
Article 25 Testing of ICT tools and systems
Entered into force
Article 26 Advanced testing of ICT tools, systems and processes based on TLPT
Entered into force
Article 27 Requirements for testers for the carrying out of TLPT
Chapter V Managing of ICT third-party risk (arts. 28-44)
Section I Key principles for a sound management of ICT third-party risk (arts. 28-30)
Entered into force
Article 28 General principles
Entered into force
Article 29 Preliminary assessment of ICT concentration risk at entity level
Entered into force
Article 30 Key contractual provisions
Section II Oversight Framework of critical ICT third-party service providers (arts. 31-44)
Entered into force
Article 31 Designation of critical ICT third-party service providers
Entered into force
Article 32 Structure of the Oversight Framework
Entered into force
Article 33 Tasks of the Lead Overseer
Entered into force
Article 34 Operational coordination between Lead Overseers
Entered into force
Article 35 Powers of the Lead Overseer
Entered into force
Article 36 Exercise of the powers of the Lead Overseer outside the Union
Entered into force
Article 37 Request for information
Entered into force
Article 38 General investigations
Entered into force
Article 39 Inspections
Entered into force
Article 40 Ongoing oversight
Entered into force
Article 41 Harmonisation of conditions enabling the conduct of the oversight activities
Entered into force
Article 42 Follow-up by competent authorities
Entered into force
Article 43 Oversight fees
Entered into force
Article 44 International cooperation
Chapter VI Information-sharing arrangements (art. 45)
Entered into force
Article 45 Information-sharing arrangements on cyber threat information and intelligence
Chapter VII Competent authorities (arts. 46-56)
Entered into force
Article 46 Competent authorities
Entered into force
Article 47 Cooperation with structures and authorities established by Directive (EU) 2022/2555
Entered into force
Article 48 Cooperation between authorities
Entered into force
Article 49 Financial cross-sector exercises, communication and cooperation
Entered into force
Article 50 Administrative penalties and remedial measures
Entered into force
Article 51 Exercise of the power to impose administrative penalties and remedial measures
Entered into force
Article 52 Criminal penalties
Entered into force
Article 53 Notification duties
Entered into force
Article 54 Publication of administrative penalties
Entered into force
Article 55 Professional secrecy
Entered into force
Article 56 Data Protection
Chapter VIII Delegated acts (art. 57)
Entered into force
Article 57 Exercise of the delegation
Chapter IX Transitional and final provisions (arts. 58-64)
Section I (art. 58)
Entered into force
Article 58 Review clause
Section II Amendments (arts. 59-64)
Entered into force
Article 59 Amendments to Regulation (EC) No 1060/2009
Entered into force
Article 60 Amendments to Regulation (EU) No 648/2012
Entered into force
Article 61 Amendments to Regulation (EU) No 909/2014
Entered into force
Article 62 Amendments to Regulation (EU) No 600/2014
Entered into force
Article 63 Amendment to Regulation (EU) 2016/1011
Entered into force
Article 64 Entry into force and application
Done at