DORA
CHAPTER I — General provisions
CHAPTER II — ICT risk management
- Art. 5Governance and organisation
- Art. 6ICT risk management framework
- Art. 7ICT systems, protocols and tools
- Art. 8Identification
- Art. 9Protection and prevention
- Art. 10Detection
- Art. 11Response and recovery
- Art. 12Backup policies and procedures, restoration and recovery procedures and methods
- Art. 13Learning and evolving
- Art. 14Communication
- Art. 15Further harmonisation of ICT risk management tools, methods, processes and policies
- Art. 16Simplified ICT risk management framework
CHAPTER III — ICT-related incident management, classification and reporting
- Art. 17ICT-related incident management process
- Art. 18Classification of ICT-related incidents and cyber threats
- Art. 19Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
- Art. 20Harmonisation of reporting content and templates
- Art. 21Centralisation of reporting of major ICT-related incidents
- Art. 22Supervisory feedback
- Art. 23Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions
CHAPTER IV — Digital operational resilience testing
CHAPTER V — Managing of ICT third-party risk
- Art. 28General principles
- Art. 29Preliminary assessment of ICT concentration risk at entity level
- Art. 30Key contractual provisions
- Art. 31Designation of critical ICT third-party service providers
- Art. 32Structure of the Oversight Framework
- Art. 33Tasks of the Lead Overseer
- Art. 34Operational coordination between Lead Overseers
- Art. 35Powers of the Lead Overseer
- Art. 36Exercise of the powers of the Lead Overseer outside the Union
- Art. 37Request for information
- Art. 38General investigations
- Art. 39Inspections
- Art. 40Ongoing oversight
- Art. 41Harmonisation of conditions enabling the conduct of the oversight activities
- Art. 42Follow-up by competent authorities
- Art. 43Oversight fees
- Art. 44International cooperation
CHAPTER VI — Information-sharing arrangements
CHAPTER VII — Competent authorities
- Art. 46Competent authorities
- Art. 47Cooperation with structures and authorities established by Directive (EU) 2022/2555
- Art. 48Cooperation between authorities
- Art. 49Financial cross-sector exercises, communication and cooperation
- Art. 50Administrative penalties and remedial measures
- Art. 51Exercise of the power to impose administrative penalties and remedial measures
- Art. 52Criminal penalties
- Art. 53Notification duties
- Art. 54Publication of administrative penalties
- Art. 55Professional secrecy
- Art. 56Data Protection