Digital Operational Resilience Act Articles (Proposal)

The Articles (Proposal) of the Digital Operational Resilience Act

Digital Operational Resilience Act (DORA), Article 19, Centralisation of reporting of major ICT-related incidents.

1. The ESAs, through the Joint Committee and in consultation with ECB and ENISA, shall prepare a joint report assessing the feasibility of further centralisation of incident reporting through the establishment of a single EU Hub for major ICT-related incident reporting by financial entities. The report shall explore ways to facilitate the flow of ICT-related incident reporting, reduce associated costs and underpin thematic analyses with a view to enhancing supervisory convergence.

2. The report referred to in the paragraph 1 shall comprise at least the following elements:

(a) prerequisites for the establishment of such an EU Hub;

(b) benefits, limitations and possible risks;

(c) elements of operational management;

(d) conditions of membership;

(e) modalities for financial entities and national competent authorities to access the EU Hub;

(f) a preliminary assessment of financial costs entailed by the setting-up the operational platform supporting the EU Hub, including the required expertise.

3. The ESAs shall submit the report referred to in the paragraph 1 to the Commission, the European Parliament and to the Council by xx 202x [OJ: insert date 3 years after the date of entry into force].