Digital operational resilience Regulation (DORA)

Article 1: Subject matter

Article 2: Scope

Article 3: Definitions

Article 4: Proportionality principle

Section: I

Section: 2

Article 17: ICT-related incident management process

Article 18: Classification of ICT-related incidents and cyber threats

Article 19: Reporting of major ICT-related incidents and voluntary notification of significant cyber threats

Article 20: Harmonisation of reporting content and templates

Article 21: Centralisation of reporting of major ICT-related incidents

Article 22: Supervisory feedback

Article 23: Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions

Article 24: General requirements for the performance of digital operational resilience testing

Article 25: Testing of ICT tools and systems

Article 26: Advanced testing of ICT tools, systems and processes based on TLPT

Article 27: Requirements for testers for the carrying out of TLPT

Section I: Key principles for a sound management of ICT third-party risk

Section II: Oversight Framework of critical ICT third-party service providers

Article 45: Information-sharing arrangements on cyber threat information and intelligence

Article 46: Competent authorities

Article 47: Cooperation with structures and authorities established by Directive (EU) 2022/2555

Article 48: Cooperation between authorities

Article 49: Financial cross-sector exercises, communication and cooperation

Article 50: Administrative penalties and remedial measures

Article 51: Exercise of the power to impose administrative penalties and remedial measures

Article 52: Criminal penalties

Article 53: Notification duties

Article 54: Publication of administrative penalties

Article 55: Professional secrecy

Article 56: Data Protection

Article 57: Exercise of the delegation

Section I: Section I

Section II: Amendments