# Instrument Metadata # Output tuned for LLM consumption -- deterministic parse of the # EUR-Lex source, no LLM involved in generation. instrument_id: dora celex: "32022R2554" eli: "http://data.europa.eu/eli/reg/2022/2554/oj" full_title: Digital Operational Resilience Act short_title: DORA instrument_type: regulation document_type: regulation normative_weight: binding jurisdiction: EU effective_period: from: "2023-01-16" to: null dates: adopted: "2022-12-14" entered_into_force: "2023-01-16" status: in_force structure_levels: - title - chapter - article total_articles: 64 total_recitals: 106 definitions_article: 3 chunk_strategy: by_chapter chunks: - /dora/chunks/recitals.md - /dora/chunks/dora_t01_general_provisions.md - /dora/chunks/dora_t02_ch01.md - /dora/chunks/dora_t02_ch02.md - /dora/chunks/dora_t03_ict_related_incident_management_classifi.md - /dora/chunks/dora_t04_digital_operational_resilience_testing.md - /dora/chunks/dora_t05_ch01_key_principles_for_a_sound_management_of.md - /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md - /dora/chunks/dora_t06_information_sharing_arrangements.md - /dora/chunks/dora_t07_competent_authorities.md - /dora/chunks/dora_t08_delegated_acts.md - /dora/chunks/dora_t09_ch01.md - /dora/chunks/dora_t09_ch02_amendments.md generated_at: "2026-05-01T17:48:29.991Z" articles: - article_number: 1 article_title: Subject matter chunk_file: /dora/chunks/dora_t01_general_provisions.md path: "Title 1 > Article 1" applies_to_entities: - member_states - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk keywords: - supervision - POS - security - system - network - reporting - digital operational resilience - network and information system - security of network and information systems - ict-related incident - operational or security payment-related incident - major ict-related incident - major operational or security payment-related incident - cyber threat - significant cyber threat - ict third-party risk - ict third-party service provider - critical ict third-party service provider contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 2 paragraph: "1" - target: Article 4 external_references: - instrument_type: directive reference: "2022/2555" recitals: [] - article_number: 2 article_title: Scope chunk_file: /dora/chunks/dora_t01_general_provisions.md path: "Title 1 > Article 2" applies_to_entities: - payment_institutions - account_information_service_providers - credit_institutions - member_states - european_commission - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - authorisation - securitisation - insurance - reinsurance - pensions - crypto_assets keywords: - electronic money - POS - token - data - access - scheme - ITS - reporting - ict third-party service provider - credit institution - investment firm - payment institution - account information service provider - electronic money institution - trading venue - data reporting service provider - insurance undertaking - reinsurance undertaking - crypto-asset service provider - crowdfunding service provider contains: obligations: true prohibitions: false permissions: true definitions: true penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 2 - target: Article 3 - target: Article 2 paragraph: "5" external_references: - instrument_type: directive reference: "2015/2366" - instrument_type: directive reference: "2009/110/EC" - instrument_type: regulation reference: "1093/2010" - instrument_type: directive reference: "2011/61/EU" - instrument_type: directive reference: "2009/138/EC" - instrument_type: directive reference: "2014/65/EU" - instrument_type: directive reference: "2013/36/EU" - instrument_type: directive reference: "2013/36" recitals: - 37 - 40 - 41 - 70 - article_number: 3 article_title: Definitions chunk_file: /dora/chunks/dora_t01_general_provisions.md path: "Title 1 > Article 3" applies_to_entities: - payment_institutions - account_information_service_providers - credit_institutions - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - authorisation - outsourcing - large_exposures - counterparty_credit_risk - securitisation - insurance - reinsurance - pensions - trading_venues - crypto_assets - derivatives_clearing - credit_rating - governance - financial_statements keywords: - liability - authorisation - electronic money - POS - token - security - data - access - outsourcing - branch - system - scheme - network - RTS - ITS - reporting - digital operational resilience - network and information system - legacy ict system - security of network and information systems contains: obligations: true prohibitions: false permissions: true definitions: true penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 2 paragraph: "1" - target: Article 31 - target: Article 2 - target: Article 2 paragraph: "5" - target: Article 31 paragraph: "1" external_references: - instrument_type: directive reference: "2022/2555" - instrument_type: regulation reference: "2019/881" - instrument_type: directive reference: "2013/34/EU" - instrument_type: directive reference: "2013/34/EU" - instrument_type: directive reference: "2014/65/EU" - instrument_type: directive reference: "2013/36/EU" - instrument_type: directive reference: "2009/65/EC" - instrument_type: regulation reference: "909/2014" - instrument_type: regulation reference: "2016/1011" - instrument_type: regulation reference: "575/2013" - instrument_type: directive reference: "2013/36" - instrument_type: directive reference: "2014/65/EU" - instrument_type: regulation reference: "2019/2033" - instrument_type: directive reference: "2015/2366" - instrument_type: directive reference: "2015/2366" - instrument_type: directive reference: "2015/2366" - instrument_type: directive reference: "2009/110/EC" - instrument_type: directive reference: "2009/110/EC" - instrument_type: regulation reference: "648/2012" - instrument_type: regulation reference: "648/2012" - instrument_type: regulation reference: "909/2014" - instrument_type: directive reference: "2014/65/EU" - instrument_type: directive reference: "2011/61/EU" - instrument_type: directive reference: "2009/65/EC" - instrument_type: regulation reference: "600/2014" - instrument_type: directive reference: "2009/138/EC" - instrument_type: directive reference: "2009/138/EC" - instrument_type: directive reference: "2016/97" - instrument_type: directive reference: "2016/97" - instrument_type: directive reference: "2016/97" - instrument_type: directive reference: "2016/2341" - instrument_type: regulation reference: "1060/2009" - instrument_type: regulation reference: "2016/1011" - instrument_type: regulation reference: "2020/1503" - instrument_type: regulation reference: "2017/2402" - instrument_type: regulation reference: "1093/2010" recitals: - 39 - article_number: 4 article_title: Proportionality principle chunk_file: /dora/chunks/dora_t01_general_provisions.md path: "Title 1 > Article 4" applies_to_entities: - competent_authorities - financial_entities topics: - operational_resilience - ict_risk - competent_authorities - risk_management keywords: - SCA - RTS - ict risk contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 6 paragraph: "5" - target: Article 16 paragraph: "2" external_references: [] recitals: - 17 - 39 - article_number: 5 article_title: Governance and organisation chunk_file: /dora/chunks/dora_t02_ch01.md path: "Title 2 > Chapter 1 > Article 5" applies_to_entities: - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - risk_management - recovery_resolution - governance - internal_control keywords: - POS - security - data - ITS - reporting - digital operational resilience - ict risk - ict-related incident - major ict-related incident - ict third-party service provider - ict services - critical or important function - management body - microenterprise contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 6 paragraph: "4" - target: Article 6 paragraph: "1" - target: Article 6 paragraph: "8" - target: Article 11 paragraph: "1" - target: Article 11 paragraph: "3" - target: Article 13 paragraph: "6" external_references: [] recitals: - 21 - 42 - 105 - article_number: 6 article_title: ICT risk management framework chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 6" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - risk_management - authorisation - liability - outsourcing - conflicts_of_interest - internal_control keywords: - POS - security - data - access - outsourcing - system - RTS - ITS - digital operational resilience - ict risk - information asset - ict asset - ict-related incident - major ict-related incident - ict third-party service provider - group - microenterprise contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 14 external_references: [] recitals: - 34 - 51 - article_number: 7 article_title: "ICT systems, protocols and tools" chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 7" applies_to_entities: - financial_entities topics: - operational_resilience - ict_risk - risk_management keywords: - transaction - data - system - ict risk contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 4 external_references: [] recitals: [] - article_number: 8 article_title: Identification chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 8" applies_to_entities: - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - risk_management - risk_assessment keywords: - POS - system - network - network and information system - legacy ict system - ict risk - information asset - ict asset - cyber threat - ict third-party service provider - critical or important function - microenterprise contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 6 paragraph: "1" external_references: [] recitals: [] - article_number: 9 article_title: Protection and prevention chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 9" applies_to_entities: - financial_entities topics: - operational_resilience - ict_risk - risk_management - authorisation - risk_assessment keywords: - authentication - transfer - instant - POS - security - data - access - system - network - ict risk - information asset - ict asset - cyber-attack - critical or important function contains: obligations: true prohibitions: false permissions: true definitions: true penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 4 - target: Article 6 paragraph: "1" external_references: [] recitals: - 37 - 42 - article_number: 10 article_title: Detection chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 10" applies_to_entities: - financial_entities topics: - operational_resilience - ict_risk - risk_management keywords: - data - system - network - RTS - reporting - ict-related incident - cyber-attack - data reporting service provider contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 17 - target: Article 25 external_references: [] recitals: [] - article_number: 11 article_title: Response and recovery chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 11" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - risk_management - liability - outsourcing - internal_control keywords: - POS - data - access - system - ITS - guidelines - ict risk - information asset - ict asset - ict-related incident - major ict-related incident - cyber-attack - ict third-party service provider - ict services - critical or important function - microenterprise - joint committee contains: obligations: true prohibitions: false permissions: true definitions: true penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 6 paragraph: "1" - target: Article 8 - target: Article 12 - target: Article 14 - target: Article 19 external_references: - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 12 article_title: "Backup policies and procedures, restoration and recovery procedures and methods" chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 12" applies_to_entities: - financial_entities topics: - operational_resilience - ict_risk - risk_management - authorisation - counterparty_credit_risk - derivatives_clearing keywords: - transaction - POS - security - data - access - settlement - system - network - ITS - reporting - network and information system - ict risk - ict-related incident - critical or important function - central counterparty - data reporting service provider - microenterprise contains: obligations: true prohibitions: true permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: [] recitals: [] - article_number: 13 article_title: Learning and evolving chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 13" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - risk_management - risk_assessment - governance keywords: - SCA - POS - security - scheme - RTS - digital operational resilience - ict risk - ict-related incident - major ict-related incident - cyber threat - cyber-attack - ict third-party service provider - critical or important function - management body - microenterprise contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 11 - target: Article 26 - target: Article 27 - target: Article 6 paragraph: "1" - target: Article 6 paragraph: "8" - target: Article 30 paragraph: "2" external_references: [] recitals: [] - article_number: 14 article_title: Communication chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 14" applies_to_entities: - financial_entities topics: - operational_resilience - ict_risk - risk_management keywords: - POS - RTS - ict risk - ict-related incident - major ict-related incident contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 6 paragraph: "1" external_references: [] recitals: [] - article_number: 15 article_title: "Further harmonisation of ICT risk management tools, methods, processes and policies" chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 15" applies_to_entities: - european_commission - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - risk_management - security keywords: - SCA - security - data - access - network - ITS - ict risk - ict-related incident - ict third-party service provider - critical or important function - joint committee contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: true implementing_powers: false rts_mandate: true its_mandate: false transitional: false internal_references: - target: Article 9 paragraph: "2" - target: Article 9 paragraph: "4" - target: Article 10 paragraph: "1" - target: Article 10 paragraph: "2" - target: Article 11 paragraph: "1" - target: Article 11 paragraph: "6" - target: Article 11 paragraph: "3" - target: Article 6 paragraph: "5" - target: Article 10 - target: Article 11 - target: Article 12 - target: Article 13 external_references: - instrument_type: regulation reference: "1093/2010" recitals: - 100 - article_number: 16 article_title: Simplified ICT risk management framework chunk_file: /dora/chunks/dora_t02_ch02.md path: "Title 2 > Chapter 2 > Article 16" applies_to_entities: - payment_institutions - member_states - competent_authorities - european_commission - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - risk_management - pensions - risk_assessment keywords: - SCA - electronic money - POS - security - data - system - network - ITS - digital operational resilience - network and information system - ict risk - ict-related incident - major ict-related incident - ict third-party service provider - critical or important function - investment firm - small and non-interconnected investment firm - payment institution - electronic money institution - joint committee contains: obligations: true prohibitions: true permissions: false definitions: false penalties: false delegated_powers: true implementing_powers: false rts_mandate: true its_mandate: false transitional: false internal_references: - target: Article 5 - target: Article 6 - target: Article 7 - target: Article 8 - target: Article 9 - target: Article 10 - target: Article 11 - target: Article 12 - target: Article 13 - target: Article 14 - target: Article 15 - target: Article 2 paragraph: "4" external_references: - instrument_type: directive reference: "2015/2366" - instrument_type: directive reference: "2013/36/EU" - instrument_type: directive reference: "2009/110/EC" - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 17 article_title: ICT-related incident management process chunk_file: /dora/chunks/dora_t03_ict_related_incident_management_classifi.md path: "Title 3 > Article 17" applies_to_entities: - financial_entities topics: - operational_resilience - ict_risk - governance keywords: - SCA - RTS - notification - ict-related incident - major ict-related incident - cyber threat - significant cyber threat - management body contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 18 paragraph: "1" - target: Article 14 external_references: [] recitals: [] - article_number: 18 article_title: Classification of ICT-related incidents and cyber threats chunk_file: /dora/chunks/dora_t03_ict_related_incident_management_classifi.md path: "Title 3 > Article 18" applies_to_entities: - member_states - competent_authorities - european_commission - european_central_bank - financial_entities topics: - operational_resilience - ict_risk keywords: - transaction - POS - security - data - RTS - reporting - ict-related incident - operational or security payment-related incident - major ict-related incident - major operational or security payment-related incident - cyber threat - significant cyber threat - microenterprise - joint committee - medium-sized enterprise contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: true implementing_powers: false rts_mandate: true its_mandate: false transitional: false internal_references: - target: Article 19 paragraph: "1" - target: Article 19 paragraph: "6" - target: Article 19 paragraph: "7" - target: Article 4 paragraph: "2" - target: Article 10 - target: Article 11 - target: Article 12 - target: Article 13 external_references: - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 19 article_title: Reporting of major ICT-related incidents and voluntary notification of significant cyber threats chunk_file: /dora/chunks/dora_t03_ict_related_incident_management_classifi.md path: "Title 3 > Article 19" applies_to_entities: - credit_institutions - member_states - competent_authorities - european_central_bank - financial_entities - payment_systems topics: - operational_resilience - ict_risk - incident_reporting - outsourcing - competent_authorities - payment_systems - security keywords: - supervision - POS - security - outsourcing - cross-border - system - RTS - ITS - EBA - reporting - notification - ict-related incident - major ict-related incident - cyber threat - significant cyber threat - group - credit institution - central securities depository contains: obligations: true prohibitions: false permissions: true definitions: true penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 46 - target: Article 20 - target: Article 2 paragraph: "1" - target: Article 7 paragraph: "4" external_references: - instrument_type: regulation reference: "1024/2013" - instrument_type: directive reference: "2013/36/EU" - instrument_type: directive reference: "2022/2555" - instrument_type: regulation reference: "1093/2010" - instrument_type: directive reference: "2014/59" - instrument_type: regulation reference: "806/2014" - instrument_type: directive reference: "2014/59" recitals: [] - article_number: 20 article_title: Harmonisation of reporting content and templates chunk_file: /dora/chunks/dora_t03_ict_related_incident_management_classifi.md path: "Title 3 > Article 20" applies_to_entities: - member_states - european_commission - financial_entities topics: - operational_resilience - ict_risk - incident_reporting keywords: - SCA - POS - security - RTS - ITS - reporting - notification - ict-related incident - operational or security payment-related incident - major ict-related incident - major operational or security payment-related incident - cyber threat - significant cyber threat - joint committee contains: obligations: true prohibitions: false permissions: true definitions: true penalties: false delegated_powers: true implementing_powers: false rts_mandate: true its_mandate: true transitional: false internal_references: - target: Article 18 paragraph: "1" - target: Article 19 paragraph: "4" - target: Article 10 - target: Article 11 - target: Article 12 - target: Article 13 external_references: - instrument_type: directive reference: "2022/2555" - instrument_type: regulation reference: "1093/2010" - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 21 article_title: Centralisation of reporting of major ICT-related incidents chunk_file: /dora/chunks/dora_t03_ict_related_incident_management_classifi.md path: "Title 3 > Article 21" applies_to_entities: - competent_authorities - european_commission - european_central_bank - financial_entities topics: - operational_resilience - ict_risk - incident_reporting keywords: - access - scheme - ITS - reporting - ict-related incident - major ict-related incident - joint committee contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: [] recitals: [] - article_number: 22 article_title: Supervisory feedback chunk_file: /dora/chunks/dora_t03_ict_related_incident_management_classifi.md path: "Title 3 > Article 22" applies_to_entities: - competent_authorities - financial_entities topics: - operational_resilience - ict_risk - competent_authorities keywords: - RTS - notification - ict-related incident - major ict-related incident - vulnerability - joint committee contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 19 paragraph: "4" - target: Article 19 paragraph: "1" - target: Article 19 paragraph: "6" external_references: - instrument_type: directive reference: "2022/2555" recitals: - 37 - article_number: 23 article_title: "Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions" chunk_file: /dora/chunks/dora_t03_ict_related_incident_management_classifi.md path: "Title 3 > Article 23" applies_to_entities: - payment_institutions - account_information_service_providers - credit_institutions topics: - operational_resilience - ict_risk keywords: - electronic money - security - operational or security payment-related incident - major operational or security payment-related incident - credit institution - payment institution - account information service provider - electronic money institution contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: [] recitals: [] - article_number: 24 article_title: General requirements for the performance of digital operational resilience testing chunk_file: /dora/chunks/dora_t04_digital_operational_resilience_testing.md path: "Title 4 > Article 24" applies_to_entities: - financial_entities topics: - operational_resilience - ict_risk - testing - risk_assessment - conflicts_of_interest keywords: - SCA - POS - system - digital operational resilience - ict risk - information asset - ict-related incident - critical or important function - microenterprise contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 4 paragraph: "2" - target: Article 6 - target: Article 25 - target: Article 26 external_references: [] recitals: [] - article_number: 25 article_title: Testing of ICT tools and systems chunk_file: /dora/chunks/dora_t04_digital_operational_resilience_testing.md path: "Title 4 > Article 25" applies_to_entities: - financial_entities topics: - operational_resilience - ict_risk - testing - risk_assessment keywords: - SCA - POS - security - system - network - digital operational resilience - information asset - vulnerability - ict services - critical or important function - microenterprise contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 24 - target: Article 4 paragraph: "2" external_references: [] recitals: [] - article_number: 26 article_title: "Advanced testing of ICT tools, systems and processes based on TLPT" chunk_file: /dora/chunks/dora_t04_digital_operational_resilience_testing.md path: "Title 4 > Article 26" applies_to_entities: - credit_institutions - member_states - competent_authorities - european_commission - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - testing - liability - outsourcing - competent_authorities keywords: - POS - security - data - system - RTS - ITS - ict risk - ict third-party service provider - ict services - critical or important function - credit institution - microenterprise - public authority contains: obligations: true prohibitions: false permissions: true definitions: true penalties: false delegated_powers: true implementing_powers: false rts_mandate: true its_mandate: false transitional: false internal_references: - target: Article 16 paragraph: "1" - target: Article 27 - target: Article 27 paragraph: "1" - target: Article 4 paragraph: "2" - target: Article 10 - target: Article 11 - target: Article 12 - target: Article 13 external_references: - instrument_type: regulation reference: "1024/2013" - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 27 article_title: Requirements for testers for the carrying out of TLPT chunk_file: /dora/chunks/dora_t04_digital_operational_resilience_testing.md path: "Title 4 > Article 27" applies_to_entities: - member_states - competent_authorities - financial_entities topics: - operational_resilience - ict_risk - testing - conflicts_of_interest - audit keywords: - POS - data - threat intelligence - public authority contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 26 paragraph: "9" - target: Article 26 paragraph: "10" external_references: [] recitals: [] - article_number: 28 article_title: General principles chunk_file: /dora/chunks/dora_t05_ch01_key_principles_for_a_sound_management_of.md path: "Title 5 > Chapter 1 > Article 28" applies_to_entities: - competent_authorities - european_commission - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - data_protection - large_exposures - risk_assessment - governance - conflicts_of_interest - risk_management keywords: - SCA - supervision - transfer - POS - security - data - access - ITS - ict risk - ict third-party risk - ict third-party service provider - ict services - critical or important function - group - ict concentration risk - management body - microenterprise - joint committee contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: true implementing_powers: false rts_mandate: true its_mandate: true transitional: false internal_references: - target: Article 6 paragraph: "1" - target: Article 16 paragraph: "1" - target: Article 6 paragraph: "9" - target: Article 29 - target: Article 4 paragraph: "2" - target: Article 10 - target: Article 11 - target: Article 12 - target: Article 13 external_references: - instrument_type: regulation reference: "1093/2010" - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 29 article_title: Preliminary assessment of ICT concentration risk at entity level chunk_file: /dora/chunks/dora_t05_ch01_key_principles_for_a_sound_management_of.md path: "Title 5 > Chapter 1 > Article 29" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - data_protection - large_exposures keywords: - POS - data - ITS - ict third-party service provider - ict services - critical or important function - ict third-party service provider established in a third country - ict concentration risk contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 28 paragraph: "4" external_references: [] recitals: [] - article_number: 30 article_title: Key contractual provisions chunk_file: /dora/chunks/dora_t05_ch01_key_principles_for_a_sound_management_of.md path: "Title 5 > Chapter 1 > Article 30" applies_to_entities: - competent_authorities - european_commission - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - data_protection - security keywords: - SCA - security - data - access - third party - RTS - ITS - reporting - notification - digital operational resilience - ict third-party service provider - ict services - critical or important function - microenterprise - lead overseer - joint committee contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: true implementing_powers: false rts_mandate: true its_mandate: false transitional: false internal_references: - target: Article 13 paragraph: "6" - target: Article 26 - target: Article 27 - target: Article 10 - target: Article 11 - target: Article 12 - target: Article 13 external_references: - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 31 article_title: Designation of critical ICT third-party service providers chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 31" applies_to_entities: - member_states - competent_authorities - european_commission - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision - competent_authorities keywords: - SCA - POS - data - system - RTS - ITS - EBA - notification - ict risk - ict third-party service provider - ict intra-group service provider - ict services - critical or important function - critical ict third-party service provider - ict third-party service provider established in a third country - subsidiary - group - lead overseer - joint committee contains: obligations: true prohibitions: true permissions: true definitions: false penalties: false delegated_powers: true implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 32 paragraph: "1" - target: Article 57 - target: Article 127 paragraph: "2" - target: Article 28 paragraph: "3" - target: Article 32 external_references: - instrument_type: regulation reference: "1093/2010" - instrument_type: regulation reference: "1093/2010" recitals: - 21 - article_number: 32 article_title: Structure of the Oversight Framework chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 32" applies_to_entities: - member_states - competent_authorities - european_commission - european_central_bank - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision - large_exposures keywords: - supervision - transfer - POS - security - RTS - guidelines - digital operational resilience - ict risk - ict third-party risk - ict third-party service provider - critical ict third-party service provider - ict concentration risk - lead overseer - joint committee contains: obligations: true prohibitions: false permissions: true definitions: true penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 46 external_references: - instrument_type: regulation reference: "1093/2010" - instrument_type: regulation reference: "1093/2010" - instrument_type: directive reference: "2022/2555" - instrument_type: regulation reference: "1093/2010" recitals: - 37 - 42 - article_number: 33 article_title: Tasks of the Lead Overseer chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 33" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision keywords: - SCA - POS - security - data - system - network - ITS - reporting - ict risk - ict-related incident - cyber-attack - ict third-party service provider - ict services - critical or important function - critical ict third-party service provider - lead overseer contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 31 paragraph: "1" - target: Article 34 paragraph: "1" external_references: [] recitals: - 23 - 37 - article_number: 34 article_title: Operational coordination between Lead Overseers chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 34" applies_to_entities: - european_central_bank - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision keywords: - POS - ict third-party service provider - critical ict third-party service provider - lead overseer contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 31 paragraph: "1" - target: Article 42 external_references: [] recitals: [] - article_number: 35 article_title: Powers of the Lead Overseer chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 35" applies_to_entities: - member_states - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision - liability - security - large_exposures keywords: - penalty - POS - security - access - system - RTS - ITS - notification - ict third-party service provider - ict services - critical or important function - critical ict third-party service provider - ict subcontractor established in a third country - ict concentration risk - lead overseer contains: obligations: true prohibitions: true permissions: true definitions: false penalties: true delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 37 - target: Article 38 - target: Article 39 - target: Article 33 paragraph: "3" - target: Article 41 paragraph: "1" external_references: - instrument_type: directive reference: "2022/2555" recitals: [] - article_number: 36 article_title: Exercise of the powers of the Lead Overseer outside the Union chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 36" applies_to_entities: - member_states - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision keywords: - POS - consent - ITS - EBA - notification - ict third-party risk - ict third-party service provider - ict services - critical ict third-party service provider - ict third-party service provider established in a third country - subsidiary - lead overseer contains: obligations: true prohibitions: true permissions: true definitions: true penalties: true delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 31 paragraph: "12" - target: Article 35 paragraph: "1" - target: Article 38 paragraph: "2" - target: Article 39 paragraph: "1" - target: Article 39 paragraph: "2" - target: Article 37 - target: Article 31 paragraph: "1" - target: Article 35 external_references: - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 37 article_title: Request for information chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 37" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision - authorisation keywords: - penalty - POS - security - RTS - ITS - ict-related incident - ict third-party service provider - critical ict third-party service provider - lead overseer contains: obligations: true prohibitions: false permissions: true definitions: false penalties: true delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 35 paragraph: "6" - target: Article 60 - target: Article 61 external_references: - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 38 article_title: General investigations chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 38" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision - authorisation keywords: - authorisation - penalty - POS - data - consent - ITS - ict third-party service provider - ict services - critical ict third-party service provider - lead overseer contains: obligations: true prohibitions: false permissions: true definitions: false penalties: true delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 40 paragraph: "1" - target: Article 35 paragraph: "6" external_references: - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 39 article_title: Inspections chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 39" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision - authorisation keywords: - authorisation - penalty - POS - data - system - network - ITS - ict third-party service provider - ict services - critical ict third-party service provider - lead overseer contains: obligations: true prohibitions: false permissions: true definitions: false penalties: true delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 40 paragraph: "1" - target: Article 35 paragraph: "6" external_references: - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 40 article_title: Ongoing oversight chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 40" applies_to_entities: - member_states - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision keywords: - POS - RTS - ict third-party service provider - ict services - critical ict third-party service provider - lead overseer contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 32 paragraph: "4" - target: Article 35 external_references: [] recitals: [] - article_number: 41 article_title: Harmonisation of conditions enabling the conduct of the oversight activities chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 41" applies_to_entities: - competent_authorities - european_commission - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision - information_requirements keywords: - POS - ict third-party service provider - critical ict third-party service provider - lead overseer - joint committee contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: true implementing_powers: false rts_mandate: true its_mandate: false transitional: false internal_references: - target: Article 31 paragraph: "11" - target: Article 35 paragraph: "1" - target: Article 42 paragraph: "3" - target: Article 10 - target: Article 11 - target: Article 12 - target: Article 13 external_references: - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 42 article_title: Follow-up by competent authorities chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 42" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision - liability - competent_authorities keywords: - supervision - POS - system - RTS - ITS - notification - digital operational resilience - ict third-party risk - ict third-party service provider - critical ict third-party service provider - lead overseer contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 35 paragraph: "1" - target: Article 50 - target: Article 28 - target: Article 32 paragraph: "4" external_references: - instrument_type: directive reference: "2022/2555" recitals: - 106 - article_number: 43 article_title: Oversight fees chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 43" applies_to_entities: - ict_third_party_providers topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision - refunds keywords: - RTS - ITS - ict third-party service provider - critical ict third-party service provider - lead overseer contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: true implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 40 - target: Article 32 paragraph: "4" - target: Article 57 external_references: [] recitals: [] - article_number: 44 article_title: International cooperation chunk_file: /dora/chunks/dora_t05_ch02_oversight_framework_of_critical_ict_thir.md path: "Title 5 > Chapter 2 > Article 44" applies_to_entities: - competent_authorities - european_commission topics: - operational_resilience - ict_risk - third_party_risk - outsourcing - critical_ict - oversight - supervision keywords: - EBA - ict risk - ict third-party risk - joint committee contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 36 external_references: - instrument_type: regulation reference: "1093/2010" - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 45 article_title: Information-sharing arrangements on cyber threat information and intelligence chunk_file: /dora/chunks/dora_t06_information_sharing_arrangements.md path: "Title 6 > Article 45" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk - data_protection - security keywords: - POS - security - data - RTS - guidelines - digital operational resilience - cyber threat - ict third-party service provider contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: - instrument_type: regulation reference: "2016/679" recitals: [] - article_number: 46 article_title: Competent authorities chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 46" applies_to_entities: - payment_institutions - account_information_service_providers - credit_institutions - competent_authorities - european_central_bank - ict_third_party_providers topics: - operational_resilience - ict_risk - authorisation - securitisation - insurance - reinsurance - pensions - crypto_assets keywords: - electronic money - POS - token - data - reporting - ict third-party service provider - critical ict third-party service provider - credit institution - investment firm - payment institution - account information service provider - electronic money institution - trading venue - data reporting service provider - insurance undertaking - reinsurance undertaking - crypto-asset service provider - crowdfunding service provider contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 4 - target: Article 40 - target: Article 41 - target: Article 10 - target: Article 14 external_references: - instrument_type: directive reference: "2013/36/EU" - instrument_type: regulation reference: "1024/2013" - instrument_type: directive reference: "2009/110/EC" - instrument_type: directive reference: "2015/2366" - instrument_type: directive reference: "2015/2366" - instrument_type: directive reference: "2019/2034" - instrument_type: regulation reference: "909/2014" - instrument_type: regulation reference: "648/2012" - instrument_type: directive reference: "2014/65/EU" - instrument_type: regulation reference: "600/2014" - instrument_type: directive reference: "2011/61/EU" - instrument_type: directive reference: "2009/65/EC" - instrument_type: directive reference: "2009/138/EC" - instrument_type: directive reference: "2016/97" - instrument_type: directive reference: "2016/2341" - instrument_type: regulation reference: "1060/2009" - instrument_type: regulation reference: "2016/1011" - instrument_type: regulation reference: "2020/1503" - instrument_type: regulation reference: "2017/2402" recitals: [] - article_number: 47 article_title: Cooperation with structures and authorities established by Directive (EU) 2022/2555 chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 47" applies_to_entities: - competent_authorities - financial_entities - ict_third_party_providers topics: - operational_resilience - ict_risk keywords: - access - RTS - ict third-party service provider - critical ict third-party service provider - group contains: obligations: false prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 31 external_references: - instrument_type: directive reference: "2022/2555" - instrument_type: directive reference: "2022/2555" recitals: [] - article_number: 48 article_title: Cooperation between authorities chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 48" applies_to_entities: - competent_authorities - ict_third_party_providers topics: - operational_resilience - ict_risk - competent_authorities keywords: - ict third-party service provider - critical ict third-party service provider - lead overseer contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: [] recitals: [] - article_number: 49 article_title: "Financial cross-sector exercises, communication and cooperation" chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 49" applies_to_entities: - competent_authorities - european_central_bank topics: - operational_resilience - ict_risk keywords: - supervision - cross-border - system - ict-related incident - cyber-attack - joint committee contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 47 - target: Article 48 - target: Article 49 - target: Article 50 - target: Article 51 - target: Article 52 - target: Article 53 - target: Article 54 external_references: - instrument_type: directive reference: "2014/59" - instrument_type: regulation reference: "806/2014" recitals: [] - article_number: 50 article_title: Administrative penalties and remedial measures chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 50" applies_to_entities: - member_states - competent_authorities - financial_entities topics: - operational_resilience - ict_risk - competent_authorities - governance keywords: - sanction - POS - data - access - consent - ITS - management body contains: obligations: true prohibitions: true permissions: true definitions: false penalties: true delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 52 external_references: [] recitals: [] - article_number: 51 article_title: Exercise of the power to impose administrative penalties and remedial measures chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 51" applies_to_entities: - competent_authorities topics: - operational_resilience - ict_risk - competent_authorities keywords: - penalty - POS - ITS contains: obligations: true prohibitions: false permissions: false definitions: false penalties: true delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 50 external_references: [] recitals: [] - article_number: 52 article_title: Criminal penalties chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 52" applies_to_entities: - member_states - competent_authorities topics: - operational_resilience - ict_risk keywords: - POS - EBA contains: obligations: true prohibitions: false permissions: true definitions: true penalties: true delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 53 article_title: Notification duties chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 53" applies_to_entities: - member_states - european_banking_authority - european_commission topics: - operational_resilience - ict_risk keywords: - EBA - notification contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: - instrument_type: regulation reference: "1093/2010" recitals: [] - article_number: 54 article_title: Publication of administrative penalties chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 54" applies_to_entities: - competent_authorities topics: - operational_resilience - ict_risk - liability - data_protection - competent_authorities keywords: - penalty - POS - data - ITS contains: obligations: true prohibitions: true permissions: true definitions: false penalties: true delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: [] recitals: [] - article_number: 55 article_title: Professional secrecy chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 55" applies_to_entities: - competent_authorities topics: - operational_resilience - ict_risk keywords: - RTS contains: obligations: true prohibitions: true permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: - instrument_type: directive reference: "2022/2555" recitals: [] - article_number: 56 article_title: Data Protection chunk_file: /dora/chunks/dora_t07_competent_authorities.md path: "Title 7 > Article 56" applies_to_entities: - competent_authorities topics: - operational_resilience - ict_risk - data_protection - competent_authorities keywords: - POS - data contains: obligations: true prohibitions: false permissions: true definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: - instrument_type: regulation reference: "2016/679" - instrument_type: regulation reference: "2018/1725" recitals: [] - article_number: 57 article_title: Exercise of the delegation chunk_file: /dora/chunks/dora_t08_delegated_acts.md path: "Title 8 > Article 57" applies_to_entities: - member_states - european_commission topics: - operational_resilience - ict_risk - delegated_acts keywords: - POS - RTS - notification contains: obligations: true prohibitions: true permissions: true definitions: false penalties: false delegated_powers: true implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 31 - target: Article 43 external_references: [] recitals: [] - article_number: 58 article_title: Review clause chunk_file: /dora/chunks/dora_t09_ch01.md path: "Title 9 > Chapter 1 > Article 58" applies_to_entities: - credit_institutions - european_commission - european_central_bank - financial_entities - ict_third_party_providers - payment_systems topics: - operational_resilience - ict_risk - final_provisions - transitional_provisions keywords: - supervision - POS - access - system - notification - digital operational resilience - cyber threat - significant cyber threat - ict third-party service provider - critical ict third-party service provider - subsidiary - lead overseer contains: obligations: true prohibitions: false permissions: true definitions: true penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 31 paragraph: "2" - target: Article 19 - target: Article 31 paragraph: "12" - target: Article 35 paragraph: "1" - target: Article 2 paragraph: "3" - target: Article 108 external_references: - instrument_type: directive reference: "2015/2366" - instrument_type: directive reference: "2006/43/EC" recitals: [] - article_number: 59 article_title: Amendments to Regulation (EC) No 1060/2009 chunk_file: /dora/chunks/dora_t09_ch02_amendments.md path: "Title 9 > Chapter 2 > Article 59" applies_to_entities: [] topics: - operational_resilience - ict_risk - amendments - risk_assessment - credit_rating - internal_control keywords: - system - digital operational resilience - credit rating agency contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 6 paragraph: "2" external_references: - instrument_type: regulation reference: "1060/2009" - instrument_type: regulation reference: "2022/2554" - instrument_type: regulation reference: "648/2012" - instrument_type: regulation reference: "600/2014" - instrument_type: regulation reference: "909/2014" - instrument_type: regulation reference: "2016/1011" recitals: [] - article_number: 60 article_title: Amendments to Regulation (EU) No 648/2012 chunk_file: /dora/chunks/dora_t09_ch02_amendments.md path: "Title 9 > Chapter 2 > Article 60" applies_to_entities: [] topics: - operational_resilience - ict_risk - amendments - recovery_resolution keywords: - transaction - POS - settlement - system - ITS - digital operational resilience - ict risk - trade repository contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: true its_mandate: false transitional: false internal_references: - target: Article 26 - target: Article 34 - target: Article 56 paragraph: "3" - target: Article 79 - target: Article 80 - target: Article 79 paragraph: "1" - target: Article 79 paragraph: "2" - target: Article 26 paragraph: "3" - target: Article 34 paragraph: "1" external_references: - instrument_type: regulation reference: "648/2012" - instrument_type: regulation reference: "2022/2554" - instrument_type: regulation reference: "1060/2009" - instrument_type: regulation reference: "600/2014" - instrument_type: regulation reference: "909/2014" - instrument_type: regulation reference: "2016/1011" recitals: [] - article_number: 61 article_title: Amendments to Regulation (EU) No 909/2014 chunk_file: /dora/chunks/dora_t09_ch02_amendments.md path: "Title 9 > Chapter 2 > Article 61" applies_to_entities: - competent_authorities topics: - operational_resilience - ict_risk - amendments - recovery_resolution keywords: - transaction - POS - settlement - system - ITS - digital operational resilience - ict risk contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: true its_mandate: false transitional: false internal_references: - target: Article 12 paragraph: "5" - target: Article 12 paragraph: "7" external_references: - instrument_type: regulation reference: "909/2014" - instrument_type: regulation reference: "2022/2554" - instrument_type: regulation reference: "1060/2009" - instrument_type: regulation reference: "648/2012" - instrument_type: regulation reference: "600/2014" - instrument_type: regulation reference: "2016/1011" - instrument_type: regulation reference: "909/2014" recitals: [] - article_number: 62 article_title: Amendments to Regulation (EU) No 600/2014 chunk_file: /dora/chunks/dora_t09_ch02_amendments.md path: "Title 9 > Chapter 2 > Article 62" applies_to_entities: [] topics: - operational_resilience - ict_risk - amendments keywords: - security - system - network - digital operational resilience - network and information system - security of network and information systems contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: - target: Article 27g - target: Article 27h - target: Article 27i external_references: - instrument_type: regulation reference: "600/2014" - instrument_type: regulation reference: "2022/2554" - instrument_type: regulation reference: "1060/2009" - instrument_type: regulation reference: "648/2012" - instrument_type: regulation reference: "909/2014" - instrument_type: regulation reference: "2016/1011" recitals: [] - article_number: 63 article_title: Amendment to Regulation (EU) 2016/1011 chunk_file: /dora/chunks/dora_t09_ch02_amendments.md path: "Title 9 > Chapter 2 > Article 63" applies_to_entities: [] topics: - operational_resilience - ict_risk - amendments - risk_assessment - internal_control keywords: - system contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: false internal_references: [] external_references: - instrument_type: regulation reference: "2016/1011" - instrument_type: regulation reference: "2022/2554" - instrument_type: regulation reference: "2016/1011" recitals: [] - article_number: 64 article_title: Entry into force and application chunk_file: /dora/chunks/dora_t09_ch02_amendments.md path: "Title 9 > Chapter 2 > Article 64" applies_to_entities: [] topics: - operational_resilience - ict_risk - amendments keywords: - ITS contains: obligations: true prohibitions: false permissions: false definitions: false penalties: false delegated_powers: false implementing_powers: false rts_mandate: false its_mandate: false transitional: true internal_references: [] external_references: [] recitals: []