Source: OJ L 333, 27.12.2022, p. 153–163
EN
- Digital operational resilience act
Basic legislative acts
- DORA directive
Article 2 Amendments to Directive 2009/138/EC
Directive 2009/138/EC is amended as follows:
in Article 41, paragraph 4 is replaced by the following:
Insurance and reinsurance undertakings means a reinsurance undertaking as defined in Article 13, point (4), of Directive 2009/138/EC; shall take reasonable steps to ensure continuity and regularity in the performance of their activities, including the development of contingency plans. To that end, the undertakings shall employ appropriate and proportionate systems, resources and procedures, and shall, in particular, set up and manage network and information systems means: any device or group of interconnected or related devices, one or more of which, pursuant to a programme, carry out automatic processing of digital data; or digital data stored, processed, retrieved or transmitted by elements covered under points (a) and (b) for the purposes of their operation, use, protection and maintenance; an electronic communications network as defined in Article 2, point (1), of Directive (EU) 2018/1972; in accordance with Regulation (EU) 2022/2554 of the European Parliament and of the Council (16)Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L333, 27.12.2022, p.1).’;.
in Article 50(1), points (a) and (b) are replaced by the following:
the elements of the systems referred to in Article 41, Article 44, in particular the areas listed in Article 44(2), and Articles 46 and 47, other than the elements concerning information and communication technology risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; management;
the functions referred to in Articles 44, 46, 47 and 48, other than functions related to information and communication technology risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; management.’.
Springlex and this text is meant purely as a documentation tool and has no legal effect. No liability is assumed for its content. The authentic version of this act is the one published in the Official Journal of the European Union.