Updated 26/09/2023
In force since 16/01/2023

Initial Legal Act
Search for legal acts
Search within this legal act

Digital Operational Resilience Act (DORA)

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance)

Recitals
Article 6 - ICT risk management framework RTSArticle 7 - ICT systems, protocols and toolsArticle 8 - IdentificationArticle 9 - Protection and preventionArticle 10 - DetectionArticle 11 - Response and recoveryArticle 12 - Backup policies and procedures, restoration and recovery procedures and methodsArticle 13 - Learning and evolvingArticle 14 - CommunicationArticle 15 - Further harmonisation of ICT risk management tools, methods, processes and policies RTSArticle 16 - Simplified ICT risk management framework RTS
Article 17 - ICT-related incident management processArticle 18 - Classification of ICT-related incidents and cyber threats RTSArticle 19 - Reporting of major ICT-related incidents and voluntary notification of significant cyber threats RTSArticle 20 - Harmonisation of reporting content and templatesArticle 21 - Centralisation of reporting of major ICT-related incidentsArticle 22 - Supervisory feedbackArticle 23 - Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions
Article 31 - Designation of critical ICT third-party service providers Article 32 - Structure of the Oversight FrameworkArticle 33 - Tasks of the Lead OverseerArticle 34 - Operational coordination between Lead OverseersArticle 35 - Powers of the Lead OverseerArticle 36 - Exercise of the powers of the Lead Overseer outside the UnionArticle 37 - Request for informationArticle 38 - General investigationsArticle 39 - InspectionsArticle 40 - Ongoing oversightArticle 41 - Harmonisation of conditions enabling the conduct of the oversight activitiesArticle 42 - Follow-up by competent authoritiesArticle 43 - Oversight fees Article 44 - International cooperation
Article 46 - Competent authoritiesArticle 47 - Cooperation with structures and authorities established by Directive (EU) 2022/2555Article 48 - Cooperation between authoritiesArticle 49 - Financial cross-sector exercises, communication and cooperationArticle 50 - Administrative penalties and remedial measuresArticle 51 - Exercise of the power to impose administrative penalties and remedial measuresArticle 52 - Criminal penaltiesArticle 53 - Notification dutiesArticle 54 - Publication of administrative penaltiesArticle 55 - Professional secrecyArticle 56 - Data Protection