Proportionality principle


TL;DR This article outlines the EU's Digital Operational Resilience Act, which states that financial entities must apply the principles of Chapters II, III, IV and V in a way that takes into account their size and overall risk profile, and the complexity of their services, activities and operations. Additionally, these entities must be able to provide reports to competent authorities in order to demonstrate their application of the proportionality principle.

  1. Financial entities (as defined in Article 2, points (a) to (t)) shall implement the rules laid down in Chapter II in accordance with the principle of proportionality, taking into account their size and overall risk profile, and the nature, scale and complexity of their services, activities and operations.

  2. In addition, the application by financial entities (as defined in Article 2, points (a) to (t)) of Chapters III, IV and V, Section I, shall be proportionate to their size and overall risk profile, and to the nature, scale and complexity of their services, activities and operations, as specifically provided for in the relevant rules of those Chapters.

  3. The competent authorities (as defined in Article 46) shall consider the application of the proportionality principle by financial entities (as defined in Article 2, points (a) to (t)) when reviewing the consistency of the ICT risk (any reasonably identifiable circumstance in relation to the use of network and information systems which, if materialised, may compromise the security of the network and information systems, of any technology dependent tool or process, of operations and processes, or of the provision of services by producing adverse effects in the digital or physical environment) management framework on the basis of the reports submitted upon the request of competent authorities pursuant to Article 6(5) and Article 16(2).