Digital Operational Resilience Act (DORA), Article 45, Exercise of the power to impose administrative penalties and remedial measures.
1. Competent authorities shall exercise the powers to impose administrative penalties and remedial measures referred to in Article 44 in accordance with their national legal frameworks, as appropriate:
(b) in collaboration with other authorities;
(c) under their responsibility by delegation to other authorities;
(d) by application to the competent judicial authorities.
2. Competent authorities, when determining the type and level of an administrative penalty or remedial measure to be imposed under Article 44, shall take into account the extent to which the breach is intentional or results from negligence and all other relevant circumstances, including, where appropriate:
(a) the materiality, gravity and the duration of the breach;
(b) the degree of responsibility of the natural or legal person responsible for the breach;
(c) the financial strength of the responsible natural or legal person;
(d) the importance of profits gained or losses avoided by the responsible natural or legal person, insofar as they can be determined;
(e) the losses for third parties caused by the breach, insofar as they can be determined;
(f) the level of cooperation of the responsible natural or legal person with the competent authority, without prejudice to the need to ensure disgorgement of profits gained or losses avoided by that person;
(g) previous breaches by the responsible natural or legal person.