Source: OJ L 333, 27.12.2022, p. 1–79
DORA regulation
Regulation (EU) 2022/2554 of the European Parliament and of the Council
of 14 December 2022
on digital operational resilience for the financial sector
and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011
(Text with EEA relevance)
Table of contents
Preamble
1 – 106 Recitals
- Chapter I General provisions
- Chapter II ICT risk management
- Section I
- Section II
- Article 6 ICT risk management framework
- Article 7 ICT systems, protocols and tools
- Article 8 Identification
- Article 9 Protection and prevention
- Article 10 Detection
- Article 11 Response and recovery
- Article 12 Backup policies and procedures, restoration and recovery procedures and methods
- Article 13 Learning and evolving
- Article 14 Communication
- Article 15 Further harmonisation of ICT risk management tools, methods, processes and policies
- Article 16 Simplified ICT risk management framework
- Chapter III ICT-related incident management, classification and reporting
- Article 17 ICT-related incident management process
- Article 18 Classification of ICT-related incidents and cyber threats
- Article 19 Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
- Article 20 Harmonisation of reporting content and templates
- Article 21 Centralisation of reporting of major ICT-related incidents
- Article 22 Supervisory feedback
- Article 23 Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions
- Chapter IV Digital operational resilience testing
- Chapter V Managing of ICT third-party risk
- Section I Key principles for a sound management of ICT third-party risk
- Section II Oversight framework of critical ICT third-party service providers
- Article 31 Designation of critical ICT third-party service providers
- Article 32 Structure of the Oversight Framework
- Article 33 Tasks of the Lead Overseer
- Article 34 Operational coordination between Lead Overseers
- Article 35 Powers of the Lead Overseer
- Article 36 Exercise of the powers of the Lead Overseer outside the Union
- Article 37 Request for information
- Article 38 General investigations
- Article 39 Inspections
- Article 40 Ongoing oversight
- Article 41 Harmonisation of conditions enabling the conduct of the oversight activities
- Article 42 Follow-up by competent authorities
- Article 43 Oversight fees
- Article 44 International cooperation
- Chapter VI Information-sharing arrangements
- Chapter VII Competent authorities
- Article 46 Competent authorities
- Article 47 Cooperation with structures and authorities established by Directive (EU) 2022/2555
- Article 48 Cooperation between authorities
- Article 49 Financial cross-sector exercises, communication and cooperation
- Article 50 Administrative penalties and remedial measures
- Article 51 Exercise of the power to impose administrative penalties and remedial measures
- Article 52 Criminal penalties
- Article 53 Notification duties
- Article 54 Publication of administrative penalties
- Article 55 Professional secrecy
- Article 56 Data Protection
- Chapter VIII Delegated acts
- Chapter IX Transitional and final provisions
- Section I
- Section II Amendments