Article 4, Proportionality Principle, Digital Operational Resilience Act (DORA)
Overview
1. Financial entities shall implement the rules laid down in Chapter II in accordance with the principle of proportionality, taking into account their size and overall risk profile, and the nature, scale and complexity of their services, activities and operations.
2. In addition, the application by financial entities of Chapters III, IV and V, Section I, shall be proportionate to their size and overall risk profile, and to the nature, scale and complexity of their services, activities and operations, as specifically provided for in the relevant rules of those Chapters.
3. The competent authorities shall consider the application of the proportionality principle by financial entities when reviewing the consistency of the ICT risk management framework on the basis of the reports submitted upon the request of competent authorities pursuant to Article 6(5) and Article 16(2).
Summary Of Article 4
The proportionality principle is also a key consideration for competent authorities when assessing the consistency of a financial entity’s ICT risk management framework. This evaluation is based on the reports submitted by financial entities, as required by Articles 6(5) and 16(2). In essence, Article 4 promotes a flexible, risk-based approach to compliance, ensuring that entities are held to appropriate standards based on their size and risk profile.