1. European
  2. Legislation (EU)
  3. EU Regulations
  4. 2022
Date-stamp loading
  1. Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance) (Digital Operational Resilience Act (DORA) / Regulation on digital operational resilience for the financial sector)
  2. Chapter I General provisions (arts. 1-4)
  3. Article 1 Subject matter
Previous Next
Version status: Entered into force | Document consolidation status: No known changes
Version date: 16 January 2023 - 16 January 2025
  Version 2 of 3  

Article 1 Subject matter

1. In order to achieve a high common level of digital operational resilience, this Regulation lays down uniform requirements concerning the security of network and information systems supporting the business processes of financial entities as follows:

(a) requirements applicable to financial entities in relation to:

(i) information and communication technology (ICT) risk management;

(ii) reporting of major ICT-related incidents and notifying, on a voluntary basis, significant cyber threats to the competent authorities;

(iii) reporting of major operational or security payment-related incidents to the competent authorities by financial entities referred to in Article 2(1), points (a) to (d);

(iv) digital operational resilience testing;

(v) information and intelligence sharing in relation to cyber threats and vulnerabilities;

(vi) measures for the sound management of ICT third-party risk;

(b) requirements in relation to the contractual arrangements concluded between ICT third-party servi

Comparing proposed amendment...
Previous Next