Article 52, Criminal Penalties, Digital Operational Resilience Act (DORA)
Overview
1. Member States may decide not to lay down rules for administrative penalties or remedial measures for breaches that are subject to criminal penalties under their national law.
2. Where Member States have chosen to lay down criminal penalties for breaches of this Regulation, they shall ensure that appropriate measures are in place so that competent authorities have all the necessary powers to liaise with judicial, prosecuting, or criminal justice authorities within their jurisdiction to receive specific information related to criminal investigations or proceedings commenced for breaches of this Regulation, and to provide the same information to other competent authorities, as well as EBA, ESMA or EIOPA to fulfil their obligations to cooperate for the purposes of this Regulation.
Summary Of Article 52
Article 52 of the Digital Operational Resilience Act (DORA) addresses the application of criminal penalties for breaches of the regulation. Member States have the option not to impose administrative penalties for violations that are subject to criminal penalties under national law. If criminal penalties are applied, Member States must ensure that competent authorities have the necessary powers to collaborate with judicial and criminal justice bodies. This collaboration involves sharing specific information related to criminal investigations or legal proceedings regarding DORA breaches.
Additionally, Member States must ensure that information relevant to these investigations is shared with other competent authorities and key European supervisory bodies such as the European Banking Authority (EBA), European Securities and Markets Authority (ESMA), or European Insurance and Occupational Pensions Authority (EIOPA). This facilitates cooperation across jurisdictions and supports effective enforcement of the regulation, ensuring that breaches are addressed through both national criminal justice systems and EU-wide coordination.