Source: OJ L 333, 27.12.2022, p. 1–79

Current language: EN

Article 62 Amendments to Regulation (EU) No 600/2014

Summary What does Article 62 of the DORA regulation say?

This is an amending article, making targeted changes to Regulation (EU) No 600/2014 (MiFIR) to bring three categories of data reporting service providers — Approved Publication Arrangements (APAs), Consolidated Tape Providers (CTPs), and Approved Reporting Mechanisms (ARMs) — into alignment with DORA.

In essence, it inserts explicit obligations for each of these entities to comply with the network and information systems security requirements set out in DORA, replacing or updating the existing language in their respective articles within MiFIR.

Important points:

  • APAs, CTPs, and ARMs are each required to comply with the network and information systems security requirements set out in DORA.
  • This article directly links MiFIR data reporting service providers to DORA, establishing DORA as the governing framework for their ICT security obligations.
  • Consequential amendments are also made to narrow the scope of technical standards in MiFIR, removing ICT-related organisational requirements that are now covered by DORA.

Springlex's summary of the article, a reading aid, not a substitute for the legal text.

Regulation (EU) No 600/2014 is amended as follows:

  1. Article 27g is amended as follows:

    1. paragraph 4 is replaced by the following:

      1. ‘An APA shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554 of the European Parliament and of the Council(43).

    2. in paragraph 8, point (c) is replaced by the following:

      1. ‘the concrete organisational requirements laid down in paragraphs 3 and 5.’;

  2. Article 27h is amended as follows:

    1. paragraph 5 is replaced by the following:

      1. A CTP shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554.’.

    2. in paragraph 8, point (e) is replaced by the following:

      1. ‘the concrete organisational requirements laid down in paragraph 4.’;

  3. Article 27i is amended as follows:

    1. paragraph 3 is replaced by the following:

      1. An ARM shall comply with the requirements concerning the security of network and information systems set out in Regulation (EU) 2022/2554.’;

    2. in paragraph 5, point (b) is replaced by the following:

      1. ‘the concrete organisational requirements laid down in paragraphs 2 and 4.’.

Table of contents

We're continuously improving our platform to serve you better.

Your feedback matters! Let us know how we can improve.

Contact us:

springlex@springflod.se

Found a bug?

Springflod is a Swedish boutique consultancy firm specialising in cyber security within the financial services sector.

We offer professional services concerning information security governance, risk and compliance.

Crafted with ❤️ by Springflod