Source: OJ L 333, 27.12.2022, p. 1–79Current language: EN
- Digital operational resilience in the financial sector
Basic legislative acts
- DORA regulation
Article 2 Scope
Summary What does Article 2 of the DORA regulation say?
This is the foundational scope article for DORA, establishing which entities the regulation applies to.
It casts a wide net across the financial sector, covering a broad range of entities from credit institutions and payment firms through to crypto-asset service providers, insurance intermediaries, and ICT third-party service providers.
Crucially, the article also carves out a number of exclusions, meaning that certain smaller or otherwise exempt entities falling within those same categories will not be subject to the regulation.
Member States are additionally given discretion to exclude certain entities located in their territory, with a transparency obligation to inform the Commission of any such decision.
Important points:
- DORA applies to a wide range of financial sector entities, collectively referred to as "financial entities," as well as ICT third-party service providers.
- Certain entities are explicitly excluded from scope, including very small insurance intermediaries that qualify as microenterprises or small and medium-sized enterprises, and institutions for occupational retirement provision with no more than 15 members.
- Member States have the option to exclude certain nationally-located entities from scope, but must notify the Commission and ensure that information is made publicly available.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
Without prejudice to paragraphs 3 and 4, this Regulation applies to the following entities:
credit institutions;
payment institutions, including payment institutions exempted pursuant to Directive (EU) 2015/2366;
account information service providers;
electronic money institutions, including electronic money institutions exempted pursuant to Directive 2009/110/EC;
investment firms;
crypto-asset service providers as authorised under a Regulation of the European Parliament and of the Council on markets in crypto-assets, and amending Regulations (EU) No 1093/2010 and (EU) No 1095/2010 and Directives 2013/36/EU and (EU) 2019/1937 (‘the Regulation on markets in crypto-assets’) and issuers of asset-referenced tokens;
central securities depositories;
central counterparties;
trading venues;
trade repositories;
managers of alternative investment funds;
management companies;
data reporting service providers;
insurance and reinsurance undertakings;
insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries;
institutions for occupational retirement provision;
credit rating agencies;
administrators of critical benchmarks;
crowdfunding service providers;
securitisation repositories;
ICT third-party service providers.
For the purposes of this Regulation, entities referred to in paragraph 1, points (a) to (t), shall collectively be referred to as ‘financial entities’.
This Regulation does not apply to:
managers of alternative investment funds as referred to in Article 3(2) of Directive 2011/61/EU;
insurance and reinsurance undertakings as referred to in Article 4 of Directive 2009/138/EC;
institutions for occupational retirement provision which operate pension schemes which together do not have more than 15 members in total;
natural or legal persons exempted pursuant to Articles 2 and 3 of Directive 2014/65/EU;
insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries which are microenterprises or small or medium-sized enterprises;
post office giro institutions as referred to in Article 2(5), point (3), of Directive 2013/36/EU.
Member States may exclude from the scope of this Regulation entities referred to in Article 2(5), points (4) to (23), of Directive 2013/36/EU that are located within their respective territories. Where a Member State makes use of such option, it shall inform the Commission thereof as well as of any subsequent changes thereto. The Commission shall make that information publicly available on its website or other easily accessible means.
Relevant recitals
Recital 20 NIS2 applies to critical ICT TPSPs
Cloud computing service providers are one category of digital infrastructure covered by Directive (EU) 2022/2555. The Union Oversight Framework (‘Oversight Framework’) established by this Regulation applies to all critical ICT third-party service providers, including cloud computing service providers providing ICT services to financial entities, and should be considered complementary to the supervision carried out pursuant to Directive (EU) 2022/2555. Moreover, the Oversight Framework established by this Regulation should cover cloud computing service providers in the absence of a Union horizontal framework establishing a digital oversight authority.
Recital 37 Scope of regulation
Account information service providers, referred to in Article 33(1) of Directive (EU) 2015/2366, are explicitly included in the scope of this Regulation, taking into account the specific nature of their activities and the risks arising therefrom. In addition, electronic money institutions and payment institutions exempted pursuant to Article 9(1) of Directive 2009/110/EC of the European Parliament and of the Council(14) and Article 32(1) of Directive (EU) 2015/2366 are included in the scope of this Regulation even if they have not been granted authorisation in accordance Directive 2009/110/EC to issue electronic money, or if they have not been granted authorisation in accordance with Directive (EU) 2015/2366 to provide and execute payment services. However, post office giro institutions, referred to in Article 2(5), point (3), of Directive 2013/36/EU of the European Parliament and of the Council(15), are excluded from the scope of this Regulation. The competent authority for payment institutions exempted pursuant to Directive (EU) 2015/2366, electronic money institutions exempted pursuant to Directive 2009/110/EC and account information service providers as referred to in Article 33(1) of Directive (EU) 2015/2366, should be the competent authority designated in accordance with Article 22 of Directive (EU) 2015/2366.
Recital 39 Exemptions for specific financial entities
Some financial entities benefit from exemptions or are subject to a very light regulatory framework under the relevant sector-specific Union law. Such financial entities include managers of alternative investment funds referred to in Article 3(2) of Directive 2011/61/EU of the European Parliament and of the Council(16), insurance and reinsurance undertakings referred to in Article 4 of Directive 2009/138/EC of the European Parliament and of the Council(17), and institutions for occupational retirement provision which operate pension schemes which together do not have more than 15 members in total. In light of those exemptions it would not be proportionate to include such financial entities in the scope of this Regulation. In addition, this Regulation acknowledges the specificities of the insurance intermediation market structure, with the result that insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries qualifying as microenterprises or as small or medium-sized enterprises should not be subject to this Regulation.
Recital 40 Exclusion of entities from the scope of the regulation
Since the entities referred to in Article 2(5), points (4) to (23), of Directive 2013/36/EU are excluded from the scope of that Directive, Member States should consequently be able to choose to exempt from the application of this Regulation such entities located within their respective territories.
Recital 41 Exclusion of natural and legal persons according to MiFID 2
Similarly, in order to align this Regulation to the scope of Directive 2014/65/EU of the European Parliament and of the Council(18), it is also appropriate to exclude from the scope of this Regulation natural and legal persons referred in Articles 2 and 3 of that Directive which are allowed to provide investment services without having to obtain an authorisation under Directive 2014/65/EU. However, Article 2 of Directive 2014/65/EU also excludes from the scope of that Directive entities which qualify as financial entities for the purposes of this Regulation such as, central securities depositories, collective investment undertakings or insurance and reinsurance undertakings. The exclusion from the scope of this Regulation of the persons and entities referred to in Articles 2 and 3 of that Directive should not encompass those central securities depositories, collective investment undertakings or insurance and reinsurance undertakings.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
electronic money institution
Definition
securitisation repository
Definition
manager of alternative investment funds
Definition
credit rating agency
Definition
central counterparty
Definition
insurance intermediary
Definition
management company
Definition
ICT third-party service provider
Definition
electronic money institution exempted pursuant to Directive 2009/110/EC
Definition
crypto-asset service provider
Definition
payment institution
Definition
trading venue
Definition
trade repository
Definition
reinsurance intermediary
Definition
critical ICT third-party service provider
Definition
medium-sized enterprise
Definition
investment firm
Definition
administrator of critical benchmarks
Definition
institution for occupational retirement provision
Definition
microenterprise
Definition
payment institution exempted pursuant to Directive (EU) 2015/2366
Definition
account information service provider
Definition
credit institution
Definition
small enterprise
Definition
ancillary insurance intermediary
Definition
reinsurance undertaking
Definition
ICT services
Definition
crowdfunding service provider
Definition
data reporting service provider
Definition
central securities depository
Definition
issuer of asset-referenced tokens
Footnote 15
Footnote 17
Footnote 14
Footnote 18
Footnote 16