My favourites

Chapter VII – Competent authorities (Art. 46-56)

Art. 46 DORA - Competent authorities arrow_right_alt

Art. 47 DORA - Cooperation with structures and authorities established by Directive (EU) 2022/2555 arrow_right_alt

Art. 48 DORA - Cooperation between authorities arrow_right_alt

Art. 49 DORA - Financial cross-sector exercises, communication and cooperation arrow_right_alt

  1. The ESAs, through the Joint Committee and in collaboration with competent authorities, resolution authorities as referred to in Article 3 of Directive 2014/59/EU, the ECB, the Single Resolution Board as regards information relating to entities falling under the scope of Regulation (EU) No 806/2014, the ESRB and ENISA, as appropriate, may establish mechanisms to enable the sharing of effective practices across financial sectors to enhance situational awareness and identify common cyber vulnerabilities and risks across sectors.

They may develop crisis management and contingency exercises involving cyber-attack scenarios with a view to developing communication channels and gradually enabling an effective coordinated response at Union level in the event of a major cross-border ICT-related incident or related threat having a systemic impact on the Union’s financial sector as a whole.

Those exercises may, as appropriate, also test the financial sector’s dependencies on other economic sectors.

  1. Competent authorities, ESAs and the ECB shall cooperate closely with each other and exchange information to carry out their duties pursuant to Articles 47 to 54. They shall closely coordinate their supervision in order to identify and remedy breaches of this Regulation, develop and promote best practices, facilitate collaboration, foster consistency of interpretation and provide cross-jurisdictional assessments in the event of any disagreements.
Close tabsclose
  • 86

Recital 86

To leverage the multi-layered institutional architecture in the financial services area, the Joint Committee of the ESAs should continue to ensure overall cross-sectoral coordination in relation to all matters pertaining to ICT risk, in accordance with its tasks on cybersecurity. It should be supported by a new Subcommittee (the ‘Oversight Forum’) carrying out preparatory work both for the individual decisions addressed to critical ICT third-party service providers, and for the issuing of collective recommendations, in particular in relation to benchmarking the oversight programmes for critical ICT third-party service providers, and identifying best practices for addressing ICT concentration risk issues.

Art. 50 DORA - Administrative penalties and remedial measures arrow_right_alt

Art. 51 DORA - Exercise of the power to impose administrative penalties and remedial measures arrow_right_alt

Art. 52 DORA - Criminal penalties arrow_right_alt

Art. 53 DORA - Notification duties arrow_right_alt

Art. 54 DORA - Publication of administrative penalties arrow_right_alt

Art. 55 DORA - Professional secrecy arrow_right_alt

Art. 56 DORA - Data Protection arrow_right_alt