Source: OJ L 333, 27.12.2022, p. 1–79Current language: EN
- Digital operational resilience in the financial sector
Basic legislative acts
- DORA regulation
Article 7 ICT systems, protocols and tools
Summary What does Article 7 of the DORA regulation say?
This is a concise but important article that sits within the broader ICT risk management framework established by Article 6.
Rather than setting governance structures, it focuses on the practical baseline standards that ICT systems, protocols and tools must meet.
In essence, it requires financial entities to keep their ICT infrastructure updated and fit for purpose, spelling out four core qualities those systems must possess.
Important points:
- Use and maintain updated ICT systems, protocols and tools that meet four defined quality standards: appropriateness to operational scale, reliability, sufficient processing capacity, and technological resilience.
- The capacity requirement explicitly covers peak volumes and the introduction of new technology, ensuring systems can handle not just normal operations but surges in demand.
- The resilience requirement extends to stressed market conditions and other adverse situations, directly tying this article to the broader goal of digital operational resilience.
Springlex's summary of the article, a reading aid, not a substitute for the legal text.
In order to address and manage ICT risk, financial entities shall use and maintain updated ICT systems, protocols and tools that are:
appropriate to the magnitude of operations supporting the conduct of their activities, in accordance with the proportionality principle as referred to in Article 4;
reliable;
equipped with sufficient capacity to accurately process the data necessary for the performance of activities and the timely provision of services, and to deal with peak orders, message or transaction volumes, as needed, including where new technology is introduced;
technologically resilient in order to adequately deal with additional information processing needs as required under stressed market conditions or other adverse situations.
Relevant recitals
Recital 48 Updated and resilient ICT systems
To keep pace with an evolving cyber threat landscape, financial entities should maintain updated ICT systems that are reliable and capable, not only for guaranteeing the processing of data required for their services, but also for ensuring sufficient technological resilience to allow them to deal adequately with additional processing needs due to stressed market conditions or other adverse situations.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.
Definition
ICT risk
Definition
network and information system
Definition
cyber threat