Digital Operational Resilience Act Articles (Proposal)

The Articles (Proposal) of the Digital Operational Resilience Act


Preamble 1 to 73.

Preamble 1 to 10, Digital Operational Resilience Act (DORA).

Preamble 11 to 20, Digital Operational Resilience Act (DORA).

Preamble 21 to 30, Digital Operational Resilience Act (DORA).

Preamble 31 to 40, Digital Operational Resilience Act (DORA).

Preamble 41 to 50, Digital Operational Resilience Act (DORA).

Preamble 51 to 60, Digital Operational Resilience Act (DORA).

Preamble 61 to 73, Digital Operational Resilience Act (DORA).


CHAPTER I, General provisions.

Article 1 Digital Operational Resilience Act (DORA), Subject matter

Article 2 Digital Operational Resilience Act (DORA), Personal scope

Article 3 Digital Operational Resilience Act (DORA), Definitions


CHAPTER II, ICT RISK MANAGEMENT, SECTION I.

Article 4 Digital Operational Resilience Act (DORA), Governance and organisation

Article 5 Digital Operational Resilience Act (DORA), ICT risk management framework

Article 6 Digital Operational Resilience Act (DORA), ICT systems, protocols and tools

Article 7 Digital Operational Resilience Act (DORA), Identification

Article 8 Digital Operational Resilience Act (DORA), Protection and Prevention

Article 9 Digital Operational Resilience Act (DORA), Detection

Article 10 Digital Operational Resilience Act (DORA), Response and recovery

Article 11 Digital Operational Resilience Act (DORA), Backup policies and recovery methods

Article 12 Digital Operational Resilience Act (DORA), Learning and evolving

Article 13 Digital Operational Resilience Act (DORA), Communication

Article 14 Digital Operational Resilience Act (DORA), Further harmonisation of ICT risk management tools, methods, processes and policies


CHAPTER III, ICT-RELATED INCIDENTS MANAGEMENT, CLASSIFICATION and REPORTING.

Article 15 Digital Operational Resilience Act (DORA), ICT-related incident management process

Article 16 Digital Operational Resilience Act (DORA), Classification of ICT-related incidents

Article 17 Digital Operational Resilience Act (DORA), Reporting of major ICT-related incidents

Article 18 Digital Operational Resilience Act (DORA), Harmonisation of reporting content and templates

Article 19 Digital Operational Resilience Act (DORA), Centralisation of reporting of major ICT-related incidents

Article 20 Digital Operational Resilience Act (DORA), Supervisory feedback


CHAPTER IV, DIGITAL OPERATIONAL RESILIENCE TESTING.

Article 21 Digital Operational Resilience Act (DORA), General requirements for the performance of digital operational resilience testing

Article 22 Digital Operational Resilience Act (DORA), Testing of ICT tools and systems

Article 23 Digital Operational Resilience Act (DORA), Advanced testing of ICT tools, systems and processes based on threat led penetration testing

Article 24 Digital Operational Resilience Act (DORA), Requirements for testers


CHAPTER V, MANAGING OF ICT THIRD-PARTY RISK

SECTION I, Key principles for a sound management of ICT third party risk

Article 25 Digital Operational Resilience Act (DORA), General principles

Article 26 Digital Operational Resilience Act (DORA), Preliminary assessment of ICT concentration risk and further sub-outsourcing arrangements

Article 27 Digital Operational Resilience Act (DORA), Key contractual provisions


SECTION II, Oversight framework of critical ICT third-party service providers.

Article 28 Digital Operational Resilience Act (DORA), Designation of critical ICT third-party service providers

Article 29 Digital Operational Resilience Act (DORA), Structure of the Oversight Framework

Article 30 Digital Operational Resilience Act (DORA), Tasks of the Lead Overseer

Article 31 Digital Operational Resilience Act (DORA), Powers of the Lead Overseer

Article 32 Digital Operational Resilience Act (DORA), Request for information

Article 33 Digital Operational Resilience Act (DORA), General investigations

Article 34 Digital Operational Resilience Act (DORA), On-site inspections

Article 35 Digital Operational Resilience Act (DORA), Ongoing Oversight

Article 36 Digital Operational Resilience Act (DORA), Harmonisation of conditions enabling the conduct of the Oversight

Article 37 Digital Operational Resilience Act (DORA), Follow-up by competent authorities

Article 38 Digital Operational Resilience Act (DORA), Oversight fees

Article 39 Digital Operational Resilience Act (DORA), International cooperation


CHAPTER VI, INFORMATION SHARING ARRANGEMENTS.

Article 40 Digital Operational Resilience Act (DORA), Information-sharing arrangements on cyber threat information and intelligence


CHAPTER VII, COMPETENT AUTHORITIES

Article 41 Digital Operational Resilience Act (DORA), Competent authorities

Article 42 Digital Operational Resilience Act (DORA), Cooperation with structures and authorities established by Directive (EU) 2016/1148

Article 43 Digital Operational Resilience Act (DORA), Financial cross-sector exercises, communication and cooperation

Article 44 Digital Operational Resilience Act (DORA), Administrative penalties and remedial measures

Article 45 Digital Operational Resilience Act (DORA), Exercise of the power to impose administrative penalties and remedial measures

Article 46 Digital Operational Resilience Act (DORA), Criminal penalties

Article 47 Digital Operational Resilience Act (DORA), Notification duties

Article 48 Digital Operational Resilience Act (DORA), Publication of administrative penalties

Article 49 Digital Operational Resilience Act (DORA), Professional secrecy


CHAPTER VIII, DELEGATED ACTS

Article 50 Digital Operational Resilience Act (DORA), Exercise of the delegation


CHAPTER IX, TRANSITIONAL AND FINAL PROVISIONS, SECTION I

Article 51 Digital Operational Resilience Act (DORA), Review clause


SECTION II, AMENDMENTS

Article 52 Digital Operational Resilience Act (DORA), Amendments to Regulation (EC) No 1060/2009

Article 53 Digital Operational Resilience Act (DORA), Amendments to Regulation (EU) No 648/2012

Article 54 Digital Operational Resilience Act (DORA), Amendments to Regulation (EU) No 909/2014

Article 55 Digital Operational Resilience Act (DORA), Amendments to Regulation (EU) No 600/2014

Article 56 Digital Operational Resilience Act (DORA), Entry into force and application