Article 60: Amendments to Regulation (EU) No 648/2012

Article 60 requires you to identify and implement the DORA-driven amendments that affect Regulation (EU) No 648/2012 (EMIR), then prove those changes are reflected in your governance, procedures, controls, and regulatory-response operations. Operationalize it by maintaining a single mapping from the legal change to owners, control updates, and auditable evidence. (Regulation (EU) 2022/2554, Article 60)

Key takeaways:

• Treat Article 60 as a “change-to-other-law” trigger: you must track what changed in EMIR and where it affects your control environment. (Regulation (EU) 2022/2554, Article 60)
• Build traceability: legal requirement → impacted process/system → control update → owner → evidence. (Regulation (EU) 2022/2554, Article 60)
• Prepare for supervisory scrutiny through a repeatable workflow for requests, escalations, and remediation with clear sign-off. (Regulation (EU) 2022/2554, Article 60)

“Article 60: amendments to Regulation (EU) No 648/2012 requirement” is easy to underestimate because it reads like a legislative cross-reference. For operators, it is a real governance requirement: DORA changes EMIR, and you need a dependable way to (1) detect the change, (2) determine whether and where it applies to your firm, and (3) implement and evidence the resulting procedural and control updates.

This page assumes you are a Compliance Officer, CCO, or GRC lead who must translate a legal amendment into an executable work package. Your success criteria are straightforward: you can show a supervisor or auditor a clean line from Article 60 to the specific EMIR obligations that changed, the operational areas touched (for example, clearing, collateral, reporting, ICT outsourcing that supports those functions), the updated controls, and proof those controls run in practice. The common failure mode is fragmented ownership: legal reads the amendment, operations and ICT never see it, and evidence is scattered across teams.

Use the guidance below to build a lightweight, defensible implementation package without guessing at legal specifics beyond the text provided. (Regulation (EU) 2022/2554, Article 60)

Regulatory text

Excerpt (as provided): “Regulation (EU) No 648/2012 is amended as follows:” (Regulation (EU) 2022/2554, Article 60)

What this means operationally

Article 60 is not a stand-alone control requirement with detailed steps in the excerpt you have. It is a binding change directive: DORA modifies EMIR, and regulated entities must operate under the amended EMIR requirements once effective. Your operational obligation is to run a regulatory change management process that captures this amendment, assesses applicability, implements changes, and retains evidence that the implementation is complete and governed.

Operator action implied by the text

Because the excerpt signals “EMIR is amended,” your immediate action is to:

1. Locate the specific amendment text within the full DORA publication and any consolidated EMIR text you use internally, then
2. Translate each amendment into a control/process impact statement, and
3. Assign accountable owners and track closure with evidence. (Regulation (EU) 2022/2554, Article 60; Regulation (EU) 2022/2554)

Plain-English interpretation

You must treat Article 60 as a mandatory trigger to update your EMIR compliance posture for any EMIR-scoped activities your firm performs (or supports through ICT). In practice, that means your compliance program needs a reliable mechanism to detect “DORA changed EMIR,” determine what changed for your entity, and prove you updated relevant policies, procedures, systems, and third-party arrangements that support EMIR processes. (Regulation (EU) 2022/2554, Article 60)

Who it applies to

Entity scope

• Regulated entities within DORA scope that are also subject to EMIR obligations directly (for example, as counterparties, financial counterparties, or entities with EMIR-driven operational duties), or indirectly where EMIR obligations are executed through shared service, technology, or outsourcing arrangements. (Regulation (EU) 2022/2554, Article 60)

Operational context

You should treat Article 60 as applicable if any of these are true:

• You run EMIR processes (trade reporting, clearing, collateral/margining, reconciliation, recordkeeping).
• You provide ICT systems or managed services that support EMIR processes (including third-party-provided platforms).
• You oversee subsidiaries, branches, or shared services that execute EMIR-relevant activity. (Regulation (EU) 2022/2554, Article 60)

What you actually need to do (step-by-step)

Step 1: Create the “Article 60 amendment register” entry

Build a single record that anchors the change:

• Citation: Article 60
• Source link: EUR-Lex entry for Article 60
• Short description: “DORA amends EMIR (Regulation (EU) No 648/2012)”
• Initial owner: Compliance / Regulatory Change lead
• Stakeholders: Legal, EMIR operations owner, ICT risk owner, SOC/IR owner, third-party risk owner, internal audit liaison. (Regulation (EU) 2022/2554, Article 60)

Deliverable: One-row entry in your regulatory obligations register that is easy to export for supervisors.

Step 2: Pull the exact amendment details from the primary text

Use the official source to avoid version drift:

• Open the Article 60 view and the DORA full text.
• Identify the concrete modifications made to Regulation (EU) No 648/2012.
• Store the relevant excerpt(s) in your internal register or a controlled memo. (Regulation (EU) 2022/2554, Article 60; Regulation (EU) 2022/2554)

Deliverable: “Article 60 legal extraction memo” with the copied text and a link back to EUR-Lex.

Step 3: Run an applicability and impact assessment (fast, structured)

For each amendment item you identify, complete a short impact template:

Field	What you record
Impacted obligation/process	Which EMIR obligation changes (plain language)
Business owner	Head of EMIR Ops / Markets Ops (named)
Systems	Trade reporting platform, collateral system, reconciliation tooling
Third parties	Reporting vendor, CCP connectivity provider, managed service provider
Control change	What policy/procedure/control needs update
Evidence	What artifacts prove it runs

This is where most programs fail: they stop at “Legal reviewed.” Your target is “Operations changed behavior and can prove it.” (Regulation (EU) 2022/2554, Article 60)

Deliverable: Completed impact template per amendment item, approved by Compliance and the business owner.

Step 4: Convert each impact into a tracked control/work item

Create tasks with:

• Owner
• Due date (your internal governance date)
• Required artifacts
• Validation method (how you will confirm the change works)

Common work items include:

• Policy/procedure updates (EMIR reporting procedures, issue management procedures)
• System configuration changes
• Control test updates (what evidence is sampled, how exceptions are handled)
• Third-party contract/SLA addenda if the amendment affects outsourced execution. (Regulation (EU) 2022/2554, Article 60)

Deliverable: A tracked remediation plan (tickets or a GRC workflow) tied to the Article 60 register entry.

Step 5: Implement a regulatory-response workflow (supervisory ready)

Supervisors will ask, “Show me you identified the change, assessed it, implemented it, and can evidence it.” Put in place:

• Intake channel for regulatory change items (Compliance-owned)
• Escalation rules (what triggers CCO notification)
• Approval gates (Legal interpretation sign-off; business acceptance; ICT control sign-off)
• Remediation tracking and closure criteria
• Evidence repository and naming conventions. (Regulation (EU) 2022/2554, Article 60)

Where Daydream fits: Daydream is useful as the system of record to map Article 60 to owners, impacted controls, and the exact evidence you plan to present under supervisory request, without hunting across wikis, tickets, and shared drives.

Step 6: Validate operation and close with evidence

Close each work item only when you have:

• Implemented change
• Confirmed control operation (sample check, runbook walk-through, or targeted test)
• Documented results and exceptions
• Recorded residual risk acceptance where applicable (with approver). (Regulation (EU) 2022/2554, Article 60)

Deliverable: Closure pack per amendment item.

Required evidence and artifacts to retain

Keep artifacts in a controlled repository with consistent naming:

1. Regulatory change record for Article 60 (register entry + ownership). (Regulation (EU) 2022/2554, Article 60)
2. Legal extraction memo with the relevant text and source links. (Regulation (EU) 2022/2554, Article 60; Regulation (EU) 2022/2554)
3. Applicability/impact assessments signed by Compliance and the process owner. (Regulation (EU) 2022/2554, Article 60)
4. Updated policies/procedures with version history and approval trail.
5. Control mapping showing old control → updated control and what changed.
6. Implementation evidence (tickets, change records, test results, meeting minutes where decisions were made).
7. Third-party evidence where relevant (contract addenda, assurance reports you already hold, service review minutes tied to the change).

Common exam/audit questions and hangups

Expect questions framed as traceability and proof-of-operation:

• “Show how you identified Article 60 and assessed applicability to your EMIR activities.” (Regulation (EU) 2022/2554, Article 60)
• “Which EMIR obligations changed, and who approved your interpretation?” (Regulation (EU) 2022/2554, Article 60)
• “Which systems and third parties support the impacted EMIR processes?” (Regulation (EU) 2022/2554, Article 60)
• “What control changes were implemented, and what testing proves they operate?” (Regulation (EU) 2022/2554, Article 60)
• “Show evidence that remediation items were closed, validated, and tracked through governance.” (Regulation (EU) 2022/2554, Article 60)

Hangup to plan for: teams often provide a policy update but cannot show a run record, sample output, or exception handling.

Frequent implementation mistakes (and how to avoid them)

1. Treating Article 60 as “legal-only.”
   Fix: require a business owner and an ICT owner signature on the impact assessment. (Regulation (EU) 2022/2554, Article 60)

2. No inventory of EMIR-supporting systems and third parties.
   Fix: maintain a simple service map for EMIR workflows and link it to the change record.

3. Evidence scattered across tools.
   Fix: define an evidence index for each amendment item (what, where stored, owner, date).

4. Closing actions without validation.
   Fix: define closure criteria that includes a quick operational check or targeted test result.

Enforcement context and risk implications

No public enforcement case sources were provided for Article 60 in the supplied catalog, so this page does not list enforcement actions. The practical risk is supervisory findings for weak regulatory change management, unclear accountability, or inability to evidence implementation of amended obligations. (Regulation (EU) 2022/2554, Article 60)

Practical 30/60/90-day execution plan

You asked for speed. Use this as an execution scaffold and adapt to your governance calendar.

First 30 days (stabilize governance and facts)

• Create the Article 60 register entry, owners, and stakeholders. (Regulation (EU) 2022/2554, Article 60)
• Produce the legal extraction memo from EUR-Lex and store it in a controlled location. (Regulation (EU) 2022/2554, Article 60; Regulation (EU) 2022/2554)
• Run a workshop with EMIR Ops + ICT + TPRM to draft the service/system/third-party map for EMIR processes.
• Start impact assessments per amendment item and open tracked work items.

Days 31–60 (implement and integrate into BAU)

• Update policies/procedures and obtain approvals.
• Implement system and process changes via normal change control.
• Update third-party oversight materials where external providers support impacted EMIR activities.
• Define evidence checklists and assign where evidence will live (single index).

Days 61–90 (validate, prove operation, prepare for examination)

• Perform targeted validation: sample outputs, walk-throughs, exception handling review.
• Close remediation items only with evidence attached and approval recorded.
• Run a “supervisory request drill”: can you produce the end-to-end traceability pack quickly from one place?
• Schedule ongoing monitoring: add Article 60/EMIR amendment tracking to your recurring regulatory change cadence. (Regulation (EU) 2022/2554, Article 60)

Frequently Asked Questions

Does Article 60 require a specific DORA policy or a specific EMIR procedure update?

The excerpt provided is an amendment clause, so the operational requirement is to identify what changed in Regulation (EU) No 648/2012 and update your controls accordingly. Your deliverable is traceable implementation and evidence, not a named “Article 60 policy.” (Regulation (EU) 2022/2554, Article 60)

What if we are not directly subject to EMIR but support EMIR processes for an affiliated entity?

Treat the requirement as applicable to the extent your services, systems, or third parties enable EMIR compliance activities. Document the relationship, map the supporting controls, and retain evidence that your support model reflects the amended obligations. (Regulation (EU) 2022/2554, Article 60)

What’s the minimum evidence package we should be able to produce on request?

Maintain a change register entry, legal extraction memo, applicability assessment, a list of impacted controls, and proof of implementation/validation. If any of those elements are missing, expect questions about governance and operational execution. (Regulation (EU) 2022/2554, Article 60)

How do we keep ownership clear across Compliance, Legal, ICT, and the EMIR business line?

Use a single mapping register with named accountable owners per amendment item and explicit approval gates (Legal interpretation, business acceptance, ICT control sign-off). Tie remediation closure to evidence, not status updates. (Regulation (EU) 2022/2554, Article 60)

Do we need to change third-party contracts because of Article 60?

Possibly, if an amended EMIR obligation is operationally executed by a third party (for example, reporting or connectivity). Start with a service map, then determine whether contract terms, SLAs, or oversight routines must change to match the amended obligation. (Regulation (EU) 2022/2554, Article 60)

How can Daydream help without turning this into a tooling project?

Use Daydream narrowly as the system of record for the Article 60 mapping: owners, impacted processes/systems, work items, and evidence pointers. That keeps supervisory responses consistent and reduces time spent collecting artifacts across teams. (Regulation (EU) 2022/2554, Article 60)