Article 4, Proportionality Principle, Digital Operational Resilience Act (DORA)

by Kira Hk

Overview

1. Financial entities shall implement the rules laid down in Chapter II in accordance with the principle of proportionality, taking into account their size and overall risk profile, and the nature, scale and complexity of their services, activities and operations.

2. In addition, the application by financial entities of Chapters III, IV and V, Section I, shall be proportionate to their size and overall risk profile, and to the nature, scale and complexity of their services, activities and operations, as specifically provided for in the relevant rules of those Chapters.

3. The competent authorities shall consider the application of the proportionality principle by financial entities when reviewing the consistency of the ICT risk management framework on the basis of the reports submitted upon the request of competent authorities pursuant to Article 6(5) and Article 16(2).

Summary Of Article 4

Article 4 of the Digital Operational Resilience Act (DORA) emphasizes the application of the proportionality principle for financial entities. This principle mandates that financial entities implement the rules outlined in Chapter II in a manner that aligns with their size, overall risk profile, and the nature, scale, and complexity of their services, activities, and operations. Essentially, smaller or less complex entities are required to adopt rules that are proportionate to their operational scale and associated risks. Furthermore, financial entities must apply the provisions in Chapters III, IV, and V, Section I, in a manner that reflects their unique characteristics, ensuring that the rules are suited to their specific risk exposure and operational complexity.

The proportionality principle is also a key consideration for competent authorities when assessing the consistency of a financial entity’s ICT risk management framework. This evaluation is based on the reports submitted by financial entities, as required by Articles 6(5) and 16(2). In essence, Article 4 promotes a flexible, risk-based approach to compliance, ensuring that entities are held to appropriate standards based on their size and risk profile.
