My favourites

Chapter III – ICT-related incident management, classification and reporting (Art. 17-23)

Art. 17 DORA - ICT-related incident management process arrow_right_alt

Art. 18 DORA - Classification of ICT-related incidents and cyber threats arrow_right_alt

Art. 19 DORA - Reporting of major ICT-related incidents and voluntary notification of significant cyber threats arrow_right_alt

Art. 20 DORA - Harmonisation of reporting content and templates arrow_right_alt

Art. 21 DORA - Centralisation of reporting of major ICT-related incidents arrow_right_alt

Art. 22 DORA - Supervisory feedback arrow_right_alt

Art. 23 DORA - Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions arrow_right_alt

The requirements laid down in this Chapter shall also apply to operational or security payment-related incidents and to major operational or security payment-related incidents, where they concern credit institutions, payment institutions, account information service providers, and electronic money institutions.

Related
Close tabsclose
  • 54

Recital 54

This Regulation should require credit institutions, payment institutions, account information service providers and electronic money institutions to report all operational or security payment-related incidents – previously reported under Directive (EU) 2015/2366 – irrespective of the ICT nature of the incident.