Digital Operational Resilience Act (DORA), Article 53, Amendments to Regulation (EU) No 648/2012.
Regulation (EU) No 648/2012 is amended as follows:
(1) Article 26 is amended as follows:
(a) paragraph 3 is replaced by the following:
‘3. A CCP shall maintain and operate an organisational structure that ensures continuity and orderly functioning in the performance of its services and activities. It shall employ appropriate and proportionate systems, resources and procedures, including ICT systems managed in accordance with Regulation (EU) 2021/xx of the European Parliament and of the Council* [DORA].
* Regulation (EU) 2021/xx of the European Parliament and of the Council […](OJ L XX, DD.MM.YYYY, p. X).’;
(b) paragraph 6 is deleted;
(2) Article 34 is amended as follows:
(a) paragraph 1 is replaced by the following:
‘1. A CCP shall establish, implement and maintain an adequate business continuity policy and disaster recovery plan, which shall include ICT business continuity and disaster recovery plans set up in accordance with Regulation (EU) 2021/xx [DORA], aiming at ensuring the preservation of its functions, the timely recovery of operations and the fulfilment of the CCP’s obligations.’;
(b)in paragraph 3, the first subparagraph is replaced by the following:
‘In order to ensure consistent application of this Article, ESMA shall, after consulting the members of the ESCB, develop draft regulatory technical standards specifying the minimum content and requirements of the business continuity policy and of the disaster recovery plan, excluding ICT business continuity and disaster recovery plans.’;
(3) in Article 56, the first subparagraph of paragraph 3 is replaced by the following:
‘3. In order to ensure consistent application of this Article, ESMA shall develop draft regulatory technical standards specifying the details, other than for requirements related to ICT risk management, of the application for registration referred to in paragraph 1.’;
(4) in Article 79, paragraphs 1 and 2 are replaced by the following:
‘1. A trade repository shall identify sources of operational risk and minimise them also through the development of appropriate systems, controls and procedures, including ICT systems managed in accordance with Regulation (EU) 2021/xx [DORA].
2. A trade repository shall establish, implement and maintain an adequate business continuity policy and disaster recovery plan including ICT business continuity and disaster recovery plans established in accordance with Regulation (EU) 2021/xx[DORA], aiming at ensuring the maintenance of its functions, the timely recovery of operations and the fulfilment of the trade repository’s obligations.’;
(5) in Article 80, paragraph 1 is deleted.