DORA64

Requirements in this framework

• Article 1: Subject matter
• Article 10: Detection
• Article 11: Response and recovery
• Article 12: Backup policies and procedures, restoration and recovery procedures and methods
• Article 13: Learning and evolving
• Article 14: Communication
• Article 15: Further harmonisation of ICT risk management tools, methods, processes and policies
• Article 16: Simplified ICT risk management framework
• Article 17: ICT-related incident management process
• Article 18: Classification of ICT-related incidents and cyber threats
• Article 19: Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
• Article 2: Scope
• Article 20: Harmonisation of reporting content and templates
• Article 21: Centralisation of reporting of major ICT-related incidents
• Article 22: Supervisory feedback
• Article 23: Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions
• Article 24: General requirements for the performance of digital operational resilience testing
• Article 25: Testing of ICT tools and systems
• Article 26: Advanced testing of ICT tools, systems and processes based on TLPT
• Article 27: Requirements for testers for the carrying out of TLPT
• Article 28: General principles
• Article 29: Preliminary assessment of ICT concentration risk at entity level
• Article 3: Definitions
• Article 30: Key contractual provisions
• Article 31: Designation of critical ICT third-party service providers
• Article 32: Structure of the Oversight Framework
• Article 33: Tasks of the Lead Overseer
• Article 34: Operational coordination between Lead Overseers
• Article 35: Powers of the Lead Overseer
• Article 36: Exercise of the powers of the Lead Overseer outside the Union
• Article 37: Request for information
• Article 38: General investigations
• Article 39: Inspections
• Article 4: Proportionality principle
• Article 40: Ongoing oversight
• Article 41: Harmonisation of conditions enabling the conduct of the oversight activities
• Article 42: Follow-up by competent authorities
• Article 43: Oversight fees
• Article 44: International cooperation
• Article 45: Information-sharing arrangements on cyber threat information and intelligence
• Article 46: Competent authorities
• Article 47: Cooperation with structures and authorities established by Directive (EU) 2022/2555
• Article 48: Cooperation between authorities
• Article 49: Financial cross-sector exercises, communication and cooperation
• Article 5: Governance and organisation
• Article 50: Administrative penalties and remedial measures
• Article 51: Exercise of the power to impose administrative penalties and remedial measures
• Article 52: Criminal penalties
• Article 53: Notification duties
• Article 54: Publication of administrative penalties
• Article 55: Professional secrecy
• Article 56: Data Protection
• Article 57: Exercise of the delegation
• Article 58: Review clause
• Article 59: Amendments to Regulation (EC) No 1060/2009
• Article 6: ICT risk management framework
• Article 60: Amendments to Regulation (EU) No 648/2012
• Article 61: Amendments to Regulation (EU) No 909/2014
• Article 62: Amendments to Regulation (EU) No 600/2014
• Article 63: Amendment to Regulation (EU) 2016/1011
• Article 64: Entry into force and application
• Article 7: ICT systems, protocols and tools
• Article 8: Identification
• Article 9: Protection and prevention