Art. 45 Information-sharing arrangements on cyber threat information and intelligence | DORA regulation |

1. Financial entitiesas defined in Article 2, points (a) to (t) may exchange amongst themselves cyber threat means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881; information and intelligence, including indicators of compromise, tactics, techniques, and procedures, cyber security alerts and configuration tools, to the extent that such information and intelligence sharing:
  1. aims to enhance the digital operational resilience means the ability of a financial entity to build, assure and review its operational integrity and reliability by ensuring, either directly or indirectly through the use of services provided by ICT third-party service providers, the full range of ICT-related capabilities needed to address the security of the network and information systems which a financial entity uses, and which support the continued provision of financial services and their quality, including throughout disruptions; of financial entitiesas defined in Article 2, points (a) to (t), in particular through raising awareness in relation to cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881;, limiting or impeding the cyber threats means a cyber threat as defined in Article 2, point (8), of Regulation (EU) 2019/881;’ ability to spread, supporting defence capabilities, threat detection techniques, mitigation strategies or response and recovery stages;
  2. takes places within trusted communities of financial entitiesas defined in Article 2, points (a) to (t);
  3. is implemented through information-sharing arrangements that protect the potentially sensitive nature of the information shared, and that are governed by rules of conduct in full respect of business confidentiality, protection of personal data in accordance with Regulation (EU) 2016/679 and guidelines on competition policy.
1. For the purpose of paragraph 1, point (c), the information-sharing arrangements shall define the conditions for participation and, where appropriate, shall set out the details on the involvement of public authorities means any government or other public administration entity, including national central banks. and the capacity in which they may be associated to the information-sharing arrangements, on the involvement of ICT third-party service providers means an undertaking providing ICT services;, and on operational elements, including the use of dedicated IT platforms.
1. Financial entitiesas defined in Article 2, points (a) to (t) shall notify competent authoritiesas defined in Article 46 of their participation in the information-sharing arrangements referred to in paragraph 1, upon validation of their membership, or, as applicable, of the cessation of their membership, once it takes effect.