Source: OJ L 333, 27.12.2022, p. 1–79

Current language: EN

Article 51 Exercise of the power to impose administrative penalties and remedial measures

Summary What does Article 51 of the DORA regulation say?

This article builds directly on Article 50, which establishes the powers of competent authorities to impose administrative penalties and remedial measures.

Article 51 deals with how those powers are to be exercised in practice: it sets out the modes through which competent authorities can act, and the factors they must weigh when deciding on the type and severity of a penalty.

In essence, it governs the "how" of enforcement, leaving flexibility for national legal frameworks while establishing a common set of considerations to ensure consistent decision-making across jurisdictions.

Important points:

  • Competent authorities are required to exercise enforcement powers either directly, in collaboration with other authorities, by delegation, or through judicial authorities, in line with national frameworks.
  • Competent authorities are required to consider a range of factors when calibrating penalties, including the gravity and duration of the breach, the financial strength of the offender, profits gained or losses avoided, third-party losses, cooperation levels, and prior breaches.
  • Whether a breach was intentional or the result of negligence is a central consideration in determining the appropriate penalty or remedial measure.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

    1. Competent authorities shall exercise the powers to impose administrative penalties and remedial measures referred to in Article 50 in accordance with their national legal frameworks, where appropriate, as follows:

      1. directly;

      2. in collaboration with other authorities;

      3. under their responsibility by delegation to other authorities; or

      4. by application to the competent judicial authorities.

    1. Competent authorities, when determining the type and level of an administrative penalty or remedial measure to be imposed under Article 50, shall take into account the extent to which the breach is intentional or results from negligence, and all other relevant circumstances, including the following, where appropriate:

      1. the materiality, gravity and the duration of the breach;

      2. the degree of responsibility of the natural or legal person responsible for the breach;

      3. the financial strength of the responsible natural or legal person;

      4. the importance of profits gained or losses avoided by the responsible natural or legal person, insofar as they can be determined;

      5. the losses for third parties caused by the breach, insofar as they can be determined;

      6. the level of cooperation of the responsible natural or legal person with the competent authority, without prejudice to the need to ensure disgorgement of profits gained or losses avoided by that natural or legal person;

      7. previous breaches by the responsible natural or legal person.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod