Operational or security payment-related incidents concerning credit institutions, payment institutions


TL;DR This Article of the Digital Operations Resilience Act from EU outlines the requirements for operational or security payment-related incidents and major operational or security payment-related incidents affecting credit institutions, payment institutions, account information service providers, and electronic money institutions. It mandates that these companies must adhere to the requirements laid out in this chapter in order to ensure resilience and security.

The requirements laid down in this Chapter shall also apply to operational or security payment-related incidentsa single event or a series of linked events unplanned by the financial entities referred to in Article 2(1), points (a) to (d), whether ICT-related or not, that has an adverse impact on the availability, authenticity, integrity or confidentiality of payment-related data, or on the payment-related services provided by the financial entity and to major operational or security payment-related incidentsa single event or a series of linked events unplanned by the financial entities referred to in Article 2(1), points (a) to (d), whether ICT-related or not, that has an adverse impact on the availability, authenticity, integrity or confidentiality of payment-related data, or on the payment-related services provided by the financial entity, where they concern credit institutionsa credit institution as defined in Article 4(1), point (1), of Regulation (EU) No 575/2013 of the European Parliament and of the Council, payment institutionsa payment institution as defined in Article 4, point (4), of Directive (EU) 2015/2366, account information service providersan account information service provider as referred to in Article 33(1) of Directive (EU) 2015/2366, and electronic money institutionsan electronic money institution as defined in Article 2, point (1), of Directive 2009/110/EC of the European Parliament and of the Council.