Art. 59 Amendments to Regulation (EC) No 1060/2009 | DORA regulation |

Regulation (EC) No 1060/2009 is amended as follows:

in Annex I, Section A, point 4, the first subparagraph is replaced by the following:
‘A credit rating agency means a credit rating agency as defined in Article 3(1), point (b), of Regulation (EC) No 1060/2009; shall have sound administrative and accounting procedures, internal control mechanisms, effective procedures for risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; assessment, and effective control and safeguard arrangements for managing ICT systems in accordance with Regulation (EU) 2022/2554 of the European Parliament and of the Council (⁴⁰)Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1).’;
in Annex III, point 12 is replaced by the following:
The credit rating agency means a credit rating agency as defined in Article 3(1), point (b), of Regulation (EC) No 1060/2009; infringes Article 6(2), in conjunction with point 4 of Section A of Annex I, by not having sound administrative or accounting procedures, internal control mechanisms, effective procedures for risk means the potential for loss or disruption caused by an incident and is to be expressed as a combination of the magnitude of such loss or disruption and the likelihood of occurrence of the incident; assessment, or effective control or safeguard arrangements for managing ICT systems in accordance with Regulation (EU) 2022/2554; or by not implementing or maintaining decision-making procedures or organisational structures as required by that point.’.