Article 23, Operational or Security Payment-Related Incidents Concerning Credit Institutions, Payment Institutions, Account Information Service Providers, and Electronic Money Institutions, Digital Operational Resilience Act (DORA)

The requirements laid down in this Chapter shall also apply to operational or security payment-related incidents and to major operational or security payment-related incidents, where they concern credit institutions, payment institutions, account information service providers, and electronic money institutions.

Summary Of Article 23

Article 23 of the Digital Operational Resilience Act (DORA) broadens the scope of its incident management provisions to encompass operational and security payment-related incidents involving specific financial institutions. These institutions include credit institutions, payment institutions, account information service providers, and electronic money institutions. By mandating adherence to the requirements outlined in this chapter, Article 23 aims to ensure consistency, accountability, and resilience in handling both operational and major security payment-related incidents. This inclusivity strengthens the digital operational framework across diverse financial service providers, ensuring sector-wide robustness and the mitigation of systemic risks.

This approach ensures alignment across the financial sector, emphasizing uniformity in reporting, managing, and resolving incidents that could disrupt critical payment systems or compromise security. It highlights DORA’s commitment to maintaining trust and integrity in the financial system by obligating institutions with diverse functions to uphold the same high standards of operational resilience and risk management.