Article 34, Operational Coordination Between Lead Overseers, Digital Operational Resilience Act (DORA)

Overview

1. To ensure a consistent approach to oversight activities and with a view to enabling coordinated general oversight strategies and cohesive operational approaches and work methodologies, the three Lead Overseers appointed in accordance with Article 31(1), point (b), shall set up a JON to coordinate among themselves in the preparatory stages and to coordinate the conduct of oversight activities over their respective overseen critical ICT third-party service providers, as well as in the course of any action that may be needed pursuant to Article 42.

2. For the purposes of paragraph 1, the Lead Overseers shall draw up a common oversight protocol specifying the detailed procedures to be followed for carrying out the day-to-day coordination and for ensuring swift exchanges and reactions. The protocol shall be periodically revised to reflect operational needs, in particular the evolution of practical oversight arrangements.

3. The Lead Overseers may, on an ad-hoc basis, call on the ECB and ENISA to provide technical advice, share hands-on experience or join specific coordination meetings of the JON.

Summary Of Article 34

Article 34 of the Digital Operational Resilience Act (DORA) establishes the Joint Oversight Network (JON), which involves coordination among the three Lead Overseers to ensure consistent oversight of critical ICT third-party service providers. The JON is tasked with preparing and carrying out oversight activities and coordinating actions as needed under DORA, including those related to Article 42. The Lead Overseers will create a common oversight protocol to outline coordination procedures and ensure timely communication. This protocol will be updated periodically to reflect evolving needs. 

Additionally, the European Central Bank (ECB) and ENISA can be consulted for technical advice or to join specific coordination meetings on an ad-hoc basis. This structure ensures that oversight of critical ICT providers is consistent, efficient, and adaptable to emerging challenges.