Art. 10 Detection | DORA regulation | DORA

This article sits within DORA's broader ICT risk management framework and focuses specifically on the detection layer: financial entities must have mechanisms in place to promptly spot anomalous activities, ICT-related incidents, and potential single points of failure.

It connects directly to Article 17 (incident management) and Article 25 (testing), meaning these detection mechanisms do not operate in isolation but feed into the wider incident response and testing obligations.

The article also places a specific additional obligation on data reporting service providers, requiring them to run checks on the completeness and accuracy of trade reports.

Important points:

Have detection mechanisms in place that support multiple layers of control, defined alert thresholds, and automatic alerts to staff responsible for incident response.
Devote sufficient resources and capabilities to monitor user activity, ICT anomalies, and ICT-related incidents, with particular attention to cyber-attacks.
Data reporting service providers are subject to an additional requirement to maintain systems that check trade reports for completeness, omissions, and obvious errors.

1. Financial entities shall have in place mechanisms to promptly detect anomalous activities, in accordance with Article 17, including ICT network performance issues and ICT-related incidents, and to identify potential material single points of failure.
2. All detection mechanisms referred to in the first subparagraph shall be regularly tested in accordance with Article 25.
1. The detection mechanisms referred to in paragraph 1 shall enable multiple layers of control, define alert thresholds and criteria to trigger and initiate ICT-related incident response processes, including automatic alert mechanisms for relevant staff in charge of ICT-related incident response.
1. Financial entities shall devote sufficient resources and capabilities to monitor user activity, the occurrence of ICT anomalies and ICT-related incidents, in particular cyber-attacks.
1. Data reporting service providers shall, in addition, have in place systems that can effectively check trade reports for completeness, identify omissions and obvious errors, and request re-transmission of those reports.