DORA
Digital operational resilience act
ICT risk management
ICT-related incident management
Digital operational resilience testing
Third-party risk management
Critical ICT third-party service providers
Harmonization of conduct activities
Preamble (Recitals 1 – 14)
Recitals
Chapter I (Articles 1 – 2)
Information to be provided by ICT third-party service providers in the application for a voluntary request to be designed as critical
Article 1
Information to be provided by ICT third-party service provider in the application for a voluntary request to be designated as critical
Article 2
Assessment of completeness of application
Chapter II (Articles 3 – 6)
Information from critical ICT third-party service providers to the lead overseer
Article 3
Content of information provided by critical ICT third-party service providers
Article 4
Information from critical ICT third-party providers after the issuance of recommendations
Article 5
Structure and format of information provided by critical ICT third-party service providers
Article 6
Information on subcontracting arrangements provided by critical ICT third-party service providers
Chapter III (Article 7)
Competent authorities’ assessment of the measures taken by critical ICT third-party service providers based on recommendations of the lead overseer
Article 7
Competent authorities’ assessment of the risks addressed in the recommendations of the Lead Overseer
Chapter IV (Article 8)
Final provisions
Article 8
Entry into force