Articles of the Digital Operational Resilience Act(DORA)

Preamble 1 to 106.
Preamble 1 to 10, Digital Operational Resilience Act (DORA).
Preamble 11 to 20, Digital Operational Resilience Act (DORA).
Preamble 21 to 30, Digital Operational Resilience Act (DORA).
Preamble 31 to 40, Digital Operational Resilience Act (DORA).
Preamble 41 to 50, Digital Operational Resilience Act (DORA).
Preamble 51 to 60, Digital Operational Resilience Act (DORA).
Preamble 61 to 70, Digital Operational Resilience Act (DORA).
Preamble 71 to 80, Digital Operational Resilience Act (DORA).
Preamble 81 to 90, Digital Operational Resilience Act (DORA).
Preamble 91 to 106, Digital Operational Resilience Act (DORA).

Chapter I, GENERAL PROVISIONS
Article 1 Digital Operational Resilience Act (DORA), Subject matter
Article 2 Digital Operational Resilience Act (DORA), Personal scope
Article 3 Digital Operational Resilience Act (DORA), Definitions
Article 4 Digital Operational Resilience Act (DORA), Proportionality Principle

Chapter II, ICT RISK MANAGEMENT, SECTION I.
Article 5 Digital Operational Resilience Act (DORA), Governance and organisation
Article 6 Digital Operational Resilience Act (DORA), ICT risk management framework
Article 7 Digital Operational Resilience Act (DORA), ICT systems, protocols and tools
Article 8 Digital Operational Resilience Act (DORA), Identification
Article 9 Digital Operational Resilience Act (DORA), Protection and prevention
Article 10 Digital Operational Resilience Act (DORA), Detection
Article 11 Digital Operational Resilience Act (DORA), Response and recovery
Article 12 Digital Operational Resilience Act (DORA), Backup policies and procedures
Article 13 Digital Operational Resilience Act (DORA), Learning and evolving
Article 14 Digital Operational Resilience Act (DORA), Communication
Article 15 Digital Operational Resilience Act (DORA), Further harmonisation of ICT risk management tools, methods, processes and policies
Article 16 Digital Operational Resilience Act (DORA), Simplified ICT risk management framework

CHAPTER III, ICT-RELATED INCIDENTS MANAGEMENT, CLASSIFICATION and REPORTING.
Article 17 Digital Operational Resilience Act (DORA), ICT-related incident management process
Article 18 Digital Operational Resilience Act (DORA), Classification of ICT-related incidents and cyber threats
Article 19 Digital Operational Resilience Act (DORA), Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
Article 20 Digital Operational Resilience Act (DORA), Harmonisation of reporting content and templates
Article 21 Digital Operational Resilience Act (DORA), Centralisation of reporting of major ICT-related incidents
Article 22 Digital Operational Resilience Act (DORA), Supervisory feedback
Article 23 Digital Operational Resilience Act (DORA), Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions

CHAPTER IV, DIGITAL OPERATIONAL RESILIENCE TESTING.

Article 24 Digital Operational Resilience Act (DORA), General requirements for the performance of digital operational resilience testing
Article 25 Digital Operational Resilience Act (DORA), Testing of ICT tools and systems
Article 26 Digital Operational Resilience Act (DORA), Advanced testing of ICT tools, systems and processes based on TLPT
Article 27 Digital Operational Resilience Act (DORA), Requirements for testers for the carrying out of TLPT

CHAPTER V, MANAGING OF ICT THIRD-PARTY RISK

SECTION I, Key principles for a sound management of ICT third party risk
Article 28 Digital Operational Resilience Act (DORA), General principles
Article 29 Digital Operational Resilience Act (DORA), Preliminary assessment of ICT concentration risk at entity level
Article 30 Digital Operational Resilience Act (DORA), Key contractual provisions

SECTION II, Oversight framework of critical ICT third-party service providers.
Article 31 Digital Operational Resilience Act (DORA), Designation of critical ICT third-party service providers
Article 32 Digital Operational Resilience Act (DORA), Structure of the Oversight Framework
Article 33 Digital Operational Resilience Act (DORA), Tasks of the Lead Overseer
Article 34 Digital Operational Resilience Act (DORA), Operational coordination between Lead Overseers
Article 35 Digital Operational Resilience Act (DORA), Powers of the Lead Overseer
Article 36 Digital Operational Resilience Act (DORA), Exercise of the powers of the Lead Overseer outside the Union
Article 37 Digital Operational Resilience Act (DORA), Request for information
Article 38 Digital Operational Resilience Act (DORA), General investigations
Article 39 Digital Operational Resilience Act (DORA), Inspections
Article 40 Digital Operational Resilience Act (DORA), Ongoing oversight
Article 41 Digital Operational Resilience Act (DORA), Harmonisation of conditions enabling the conduct of the oversight activities
Article 42 Digital Operational Resilience Act (DORA), Follow-up by competent authorities
Article 43 Digital Operational Resilience Act (DORA), Oversight fees
Article 44 Digital Operational Resilience Act (DORA), International cooperation

CHAPTER VI, INFORMATION SHARING ARRANGEMENTS.
Article 45 Digital Operational Resilience Act (DORA), Information-sharing arrangements on cyber threat information and intelligence

CHAPTER VII, COMPETENT AUTHORITIES
Article 46 Digital Operational Resilience Act (DORA), Competent authorities
Article 47 Digital Operational Resilience Act (DORA), Cooperation with structures and authorities established by Directive (EU) 2022/2555
Article 48 Digital Operational Resilience Act (DORA), Cooperation between authorities
Article 49 Digital Operational Resilience Act (DORA), Financial cross-sector exercises
Article 50 Digital Operational Resilience Act (DORA), Administrative penalties and remedial measures
Article 51 Digital Operational Resilience Act (DORA), Exercise of the power to impose administrative penalties and remedial measures
Article 52 Digital Operational Resilience Act (DORA), Criminal penalties
Article 53 Digital Operational Resilience Act (DORA), Notification duties
Article 54 Digital Operational Resilience Act (DORA), Publication of administrative penalties
Article 55 Digital Operational Resilience Act (DORA), Professional secrecy
Article 56 Digital Operational Resilience Act (DORA), Data Protection

CHAPTER VIII, DELEGATED ACTS
Article 57 Digital Operational Resilience Act (DORA), Exercise of the delegation

CHAPTER IX, TRANSITIONAL AND FINAL PROVISIONS, SECTION I
Article 58 Digital Operational Resilience Act (DORA), Review clause

SECTION II, AMENDMENTS 
Article 59 Digital Operational Resilience Act (DORA), Amendments to Regulation (EC) No 1060/2009
Article 60 Digital Operational Resilience Act (DORA), Amendments to Regulation (EU) No 648/2012
Article 61 Digital Operational Resilience Act (DORA), Amendments to Regulation (EU) No 909/2014
Article 62 Digital Operational Resilience Act (DORA), Amendments to Regulation (EU) No 600/2014
Article 63 Digital Operational Resilience Act (DORA), Amendment to Regulation (EU) 2016/1011
Article 64 Digital Operational Resilience Act (DORA), Entry into force and application