TL;DRThe Digital Operations Resilience Act from the EU requires that any confidential information received, exchanged, or transmitted must be subject to professional secrecy and handled confidentially. Such information will not be disclosed to any other person or authority, except by virtue of Union or national law or when necessary for legal proceedings. All exchanges between competent authorities concerning business conditions, operational conditions, and other economic or personal affairs must be treated as confidential and subject to professional secrecy.
Any confidential information received, exchanged or transmitted pursuant to this Regulation shall be subject to the conditions of professional secrecy laid down in paragraph 2.
The obligation of professional secrecy applies to all persons who work, or who have worked, for the competent authoritiesas defined in Article 46 pursuant to this Regulation, or for any authority or market undertaking or natural or legal person to whom those competent authoritiesas defined in Article 46 have delegated their powers, including auditors and experts contracted by them.
Information covered by professional secrecy, including the exchange of information among competent authoritiesas defined in Article 46 under this Regulation and competent authoritiesas defined in Article 46 designated or established in accordance with Directive (EU) 2022/2555, shall not be disclosed to any other person or authority except by virtue of provisions laid down by Union or national law;
All information exchanged between the competent authoritiesas defined in Article 46 pursuant to this Regulation that concerns business or operational conditions and other economic or personal affairs shall be considered confidential and shall be subject to the requirements of professional secrecy, except where the competent authorityas defined in Article 46 states, at the time of communication, that such information may be disclosed or where such disclosure is necessary for legal proceedings.