Article 51, Exercise of the power to impose administrative penalties and remedial measures
1. Competent authorities shall exercise the powers to impose administrative penalties and remedial measures referred to in Article 50 in accordance with their national legal frameworks, where appropriate, as follows:
(b) in collaboration with other authorities;
(c) under their responsibility by delegation to other authorities; or
(d) by application to the competent judicial authorities.
2. Competent authorities, when determining the type and level of an administrative penalty or remedial measure to be imposed under Article 50, shall take into account the extent to which the breach is intentional or results from negligence, and all other relevant circumstances, including the following, where appropriate:
(a) the materiality, gravity and the duration of the breach;
(b) the degree of responsibility of the natural or legal person responsible for the breach;
(c) the financial strength of the responsible natural or legal person;
(d) the importance of profits gained or losses avoided by the responsible natural or legal person, insofar as they can be determined;
(e) the losses for third parties caused by the breach, insofar as they can be determined;
(f) the level of cooperation of the responsible natural or legal person with the competent authority, without prejudice to the need to ensure disgorgement of profits gained or losses avoided by that natural or legal person;
(g) previous breaches by the responsible natural or legal person.
Note: This is the final text of the Digital Operational Resilience Act (DORA) - Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance).
Articles, Digital Operational Resilience Act (DORA):