DORA
Digital operational resilience act
ICT risk management
ICT-related incident management
Digital operational resilience testing
Third-party risk management
Critical ICT third-party service providers
ICT incident classification
Preamble (Recitals 1 – 18)
Recitals
Chapter I (Articles 1 – 7)
Classification criteria
Article 1
Clients, financial counterparts and transactions
Article 2
Reputational impact
Article 3
Duration and service downtime
Article 4
Geographical spread
Article 5
Data losses
Article 6
Criticality of services affected
Article 7
Economic impact
Chapter II (Articles 8 – 9)
Major incidents and materiality thresholds
Article 8
Major incidents
Article 9
Materiality thresholds for determining major incidents
Chapter III (Article 10)
Significant cyber threats
Article 10
High materiality thresholds for determining significant cyber threats
Chapter IV (Articles 11 – 12)
Relevance of major incidents to competent authorities in other Member States and details of reports to be shared with other competent authorities
Article 11
Relevance of major incidents to competent authorities in other Member States
Article 12
Details of major incidents to be shared with other competent authorities
Chapter V (Article 13)
Final provisions
Article 13
Entry into force