Article 48, Cooperation Between Authorities, Digital Operational Resilience Act (DORA)

Overview

1. Competent authorities shall cooperate closely among themselves and, where applicable, with the Lead Overseer.

2. Competent authorities and the Lead Overseer shall, in a timely manner, mutually exchange all relevant information concerning critical ICT third-party service providers which is necessary for them to carry out their respective duties under this Regulation, in particular in relation to identified risks, approaches and measures taken as part of the Lead Overseer’s oversight tasks.

Summary Of Article 48

Article 48 of the Digital Operational Resilience Act (DORA) outlines the importance of cooperation between competent authorities and the Lead Overseer in managing the risks associated with critical ICT third-party service providers. This cooperation is essential to ensure that the financial sector’s reliance on external ICT services does not compromise its operational resilience.

The article mandates that competent authorities, which are the regulatory bodies overseeing financial institutions, must cooperate closely with one another. This collaboration ensures that regulatory approaches are aligned, providing a unified front in managing the resilience of critical ICT services. Given the cross-border nature of many financial institutions and their third-party ICT providers, this cooperation helps prevent gaps in oversight and strengthens regulatory consistency across jurisdictions.

Furthermore, Article 48 emphasizes the timely exchange of relevant information between competent authorities and the Lead Overseer. This exchange must focus on the identification of risks, the strategies employed to mitigate them, and the measures taken as part of the Lead Overseer's oversight activities. Effective information-sharing ensures that all parties are equipped to address potential threats quickly, whether they involve cybersecurity risks, system failures, or compliance issues.

By fostering close collaboration and information sharing, Article 48 enhances the overall effectiveness of DORA, enabling authorities to proactively manage risks and ensure the continued stability of the financial system in an increasingly digitalized environment. This cooperative approach helps ensure that critical ICT third-party services are resilient and able to withstand disruptions.