Articles of the Digital Operational Resilience Act(DORA)

Preamble 1 to 73.
Preamble 1 to 10, Digital Operational Resilience Act (DORA).
Preamble 11 to 20, Digital Operational Resilience Act (DORA).
Preamble 21 to 30, Digital Operational Resilience Act (DORA).
Preamble 31 to 40, Digital Operational Resilience Act (DORA).
Preamble 41 to 50, Digital Operational Resilience Act (DORA).
Preamble 51 to 60, Digital Operational Resilience Act (DORA).
Preamble 61 to 73, Digital Operational Resilience Act (DORA).

Chapter I, GENERAL PROVISIONS
Article 1 Digital Operational Resilience Act (DORA), Subject matter
Article 2 Digital Operational Resilience Act (DORA), Personal scope
Article 3 Digital Operational Resilience Act (DORA), Definitions

Chapter II, ICT RISK MANAGEMENT, SECTION I.
Article 4 Digital Operational Resilience Act (DORA), Governance and organisation
Article 5 Digital Operational Resilience Act (DORA), ICT risk management framework
Article 6 Digital Operational Resilience Act (DORA), ICT systems, protocols and tools
Article 7 Digital Operational Resilience Act (DORA), Identification
Article 8 Digital Operational Resilience Act (DORA), Protection and Prevention
Article 9 Digital Operational Resilience Act (DORA), Detection
Article 10 Digital Operational Resilience Act (DORA), Response and recovery
Article 11 Digital Operational Resilience Act (DORA), Backup policies and recovery methods
Article 12 Digital Operational Resilience Act (DORA), Learning and evolving
Article 13 Digital Operational Resilience Act (DORA), Communication
Article 14 Digital Operational Resilience Act (DORA), Further harmonisation of ICT risk management tools, methods, processes and policies

CHAPTER III, ICT-RELATED INCIDENTS MANAGEMENT, CLASSIFICATION and REPORTING.
Article 15 Digital Operational Resilience Act (DORA), ICT-related incident management process
Article 16 Digital Operational Resilience Act (DORA), Classification of ICT-related incidents
Article 17 Digital Operational Resilience Act (DORA), Reporting of major ICT-related incidents
Article 18 Digital Operational Resilience Act (DORA), Harmonisation of reporting content and templates
Article 19 Digital Operational Resilience Act (DORA), Centralisation of reporting of major ICT-related incidents
Article 20 Digital Operational Resilience Act (DORA), Supervisory feedback

CHAPTER IV, DIGITAL OPERATIONAL RESILIENCE TESTING.
Article 21 Digital Operational Resilience Act (DORA), General requirements for the performance of digital operational resilience testing
Article 22 Digital Operational Resilience Act (DORA), Testing of ICT tools and systems
Article 23 Digital Operational Resilience Act (DORA), Advanced testing of ICT tools, systems and processes based on threat led penetration testing
Article 24 Digital Operational Resilience Act (DORA), Requirements for testers

CHAPTER V, MANAGING OF ICT THIRD-PARTY RISK

SECTION I, Key principles for a sound management of ICT third party risk
Article 25 Digital Operational Resilience Act (DORA), General principles
Article 26 Digital Operational Resilience Act (DORA), Preliminary assessment of ICT concentration risk and further sub-outsourcing arrangements
Article 27 Digital Operational Resilience Act (DORA), Key contractual provisions

SECTION II, Oversight framework of critical ICT third-party service providers.
Article 28 Digital Operational Resilience Act (DORA), Designation of critical ICT third-party service providers
Article 29 Digital Operational Resilience Act (DORA), Structure of the Oversight Framework
Article 30 Digital Operational Resilience Act (DORA), Tasks of the Lead Overseer
Article 31 Digital Operational Resilience Act (DORA), Powers of the Lead Overseer
Article 32 Digital Operational Resilience Act (DORA), Request for information
Article 33 Digital Operational Resilience Act (DORA), General investigations
Article 34 Digital Operational Resilience Act (DORA), On-site inspections
Article 35 Digital Operational Resilience Act (DORA), Ongoing Oversight
Article 36 Digital Operational Resilience Act (DORA), Harmonisation of conditions enabling the conduct of the Oversight
Article 37 Digital Operational Resilience Act (DORA), Follow-up by competent authorities
Article 38 Digital Operational Resilience Act (DORA), Oversight fees
Article 39 Digital Operational Resilience Act (DORA), International cooperation

CHAPTER VI, INFORMATION SHARING ARRANGEMENTS.
Article 40 Digital Operational Resilience Act (DORA), Information-sharing arrangements on cyber threat information and intelligence

CHAPTER VII, COMPETENT AUTHORITIES
Article 41 Digital Operational Resilience Act (DORA), Competent authorities
Article 42 Digital Operational Resilience Act (DORA), Cooperation with structures and authorities established by Directive (EU) 2016/1148
Article 43 Digital Operational Resilience Act (DORA), Financial cross-sector exercises, communication and cooperation
Article 44 Digital Operational Resilience Act (DORA), Administrative penalties and remedial measures
Article 45 Digital Operational Resilience Act (DORA), Exercise of the power to impose administrative penalties and remedial measures
Article 46 Digital Operational Resilience Act (DORA), Criminal penalties
Article 47 Digital Operational Resilience Act (DORA), Notification duties
Article 48 Digital Operational Resilience Act (DORA), Publication of administrative penalties
Article 49 Digital Operational Resilience Act (DORA), Professional secrecy

CHAPTER VIII, DELEGATED ACTS
Article 50 Digital Operational Resilience Act (DORA), Exercise of the delegation

CHAPTER IX, TRANSITIONAL AND FINAL PROVISIONS, SECTION I
Article 51 Digital Operational Resilience Act (DORA), Review clause

SECTION II, AMENDMENTS
Article 52 Digital Operational Resilience Act (DORA), Amendments to Regulation (EC) No 1060/2009
Article 53 Digital Operational Resilience Act (DORA), Amendments to Regulation (EU) No 648/2012
Article 54 Digital Operational Resilience Act (DORA), Amendments to Regulation (EU) No 909/2014
Article 55 Digital Operational Resilience Act (DORA), Amendments to Regulation (EU) No 600/2014
Article 56 Digital Operational Resilience Act (DORA), Entry into force and application