§ DORA · Article 10
DORA Article 10: Obligations, Deadlines & Penalties
At a glance
Article 10 of the DORA imposes 5 obligations on Data reporting service providers, Financial entities. At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 10
Obligation 1
Financial entities shall have in place mechanisms to promptly detect anomalous activities, including ICT network performance issues and ICT-related incidents, and to identify potential material single points of failure.
Regulation (EU) 2022/2554, Article 10, Article 10
- Obligated entity
-
Financial entities
- Sector scope
- Financial sector
- Action required
-
have in place
- Deadline
-
—
- Penalty
-
—
Obligation 2
All detection mechanisms referred to in paragraph 1 shall be regularly tested in accordance with Article 25.
Regulation (EU) 2022/2554, Article 10, Article 10
- Obligated entity
-
Financial entities
- Sector scope
- Financial sector
- Action required
-
test
- Deadline
-
regularly
- Penalty
-
—
Obligation 3
The detection mechanisms shall enable multiple layers of control, define alert thresholds and criteria to trigger and initiate ICT-related incident response processes, including automatic alert mechanisms for relevant staff.
Regulation (EU) 2022/2554, Article 10, Article 10
- Obligated entity
-
Financial entities
- Sector scope
- Financial sector
- Action required
-
enable
- Deadline
-
—
- Penalty
-
—
Obligation 4
Financial entities shall devote sufficient resources and capabilities to monitor user activity, the occurrence of ICT anomalies and ICT-related incidents, in particular cyber-attacks.
Regulation (EU) 2022/2554, Article 10, Article 10
- Obligated entity
-
Financial entities
- Sector scope
- Financial sector
- Action required
-
monitor
- Deadline
-
—
- Penalty
-
—
Obligation 5
Data reporting service providers shall have in place systems that can effectively check trade reports for completeness, identify omissions and obvious errors, and request re-transmission of those reports.
Regulation (EU) 2022/2554, Article 10, Article 10
- Obligated entity
-
Data reporting service providers
- Sector scope
- Financial sector
- Action required
-
have in place
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 10
Who must comply with Article 10 of the DORA?
+
Data reporting service providers, Financial entities.
What does Article 10 of the DORA require?
+
have in place test enable
What is the compliance deadline for DORA Article 10?
+
regularly