Article 14, Communication, Digital Operational Resilience Act (DORA).
Overview
1. As part of the ICT risk management framework referred to in Article 6(1), financial entities shall have in place crisis communication plans enabling a responsible disclosure of, at least, major ICT-related incidents or vulnerabilities to clients and counterparts as well as to the public, as appropriate.
2. As part of the ICT risk management framework, financial entities shall implement communication policies for internal staff and for external stakeholders. Communication policies for staff shall take into account the need to differentiate between staff involved in ICT risk management, in particular the staff responsible for response and recovery, and staff that needs to be informed.
3. At least one person in the financial entity shall be tasked with implementing the communication strategy for ICT-related incidents and fulfil the public and media function for that purpose.
Summary of Article 14
Article 14 of the Digital Operational Resilience Act (DORA) sets out the communication requirements that form part of a financial entity's ICT risk management framework. Financial entities must have crisis communication plans that enable responsible disclosure of, at least, major ICT-related incidents or vulnerabilities to clients, counterparts, and the public, as appropriate. They must also implement communication policies for internal staff and for external stakeholders; the staff policies must distinguish staff involved in ICT risk management, in particular those responsible for response and recovery, from staff who need to be informed. Additionally, at least one person must be tasked with implementing the entity's communication strategy for ICT-related incidents and must fulfil the public and media function for that purpose, helping to maintain transparency and trust during crises.