Source: OJ L 333, 27.12.2022, p. 1–79


Article 49 Financial cross-sector exercises, communication and cooperation


Summary: What does Article 49 of the DORA regulation say?

This article sits within the broader supervisory cooperation framework of DORA and focuses on cross-sector coordination and information sharing among the key regulatory and supervisory bodies.

It empowers the ESAs, acting through the Joint Committee and alongside a wide range of partners including competent authorities, the ECB, ENISA, and resolution authorities, to establish shared practices and run crisis simulation exercises aimed at building a coordinated Union-level response to systemic cyber threats.

The article also places a firm obligation on competent authorities, ESAs, and the ECB to cooperate closely and exchange information in carrying out their duties under the regulation's supervisory chapters.

Important points:

  • The ESAs may establish cross-sector information-sharing mechanisms and develop crisis management exercises involving cyber-attack scenarios, including testing dependencies on other economic sectors.
  • These exercises are oriented toward enabling a coordinated response at Union level in the event of a major cross-border ICT-related incident with systemic impact.
  • Competent authorities, ESAs, and the ECB are required to cooperate closely, exchange information, coordinate supervision, and provide cross-jurisdictional assessments in the event of disagreements.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. The ESAs, through the Joint Committee and in collaboration with competent authorities, resolution authorities as referred to in Article 3 of Directive 2014/59/EU, the ECB, the Single Resolution Board as regards information relating to entities falling under the scope of Regulation (EU) No 806/2014, the ESRB and ENISA, as appropriate, may establish mechanisms to enable the sharing of effective practices across financial sectors to enhance situational awareness and identify common cyber vulnerabilities and risks across sectors.

    2. They may develop crisis management and contingency exercises involving cyber-attack scenarios with a view to developing communication channels and gradually enabling an effective coordinated response at Union level in the event of a major cross-border ICT-related incident or related threat having a systemic impact on the Union’s financial sector as a whole.

    3. Those exercises may, as appropriate, also test the financial sector’s dependencies on other economic sectors.

    1. Competent authorities, ESAs and the ECB shall cooperate closely with each other and exchange information to carry out their duties pursuant to Articles 47 to 54. They shall closely coordinate their supervision in order to identify and remedy breaches of this Regulation, develop and promote best practices, facilitate collaboration, foster consistency of interpretation and provide cross-jurisdictional assessments in the event of any disagreements.
