§ DORA · Article 14
DORA Article 14: Obligations, Deadlines & Penalties
At a glance
Article 14 of the DORA imposes 3 obligations on financial entities.
§ Obligations
All obligations under Article 14
Obligation 1
Financial entities shall have in place crisis communication plans enabling a responsible disclosure of major ICT-related incidents or vulnerabilities to clients, counterparts, and the public as appropriate.
Regulation (EU) 2022/2554, Article 14, Article 14
- Obligated entity
-
financial entities
- Sector scope
- financial sector
- Action required
-
have in place
- Deadline
-
—
- Penalty
-
—
Obligation 2
Financial entities shall implement communication policies for internal staff and for external stakeholders, differentiating between staff involved in ICT risk management and staff that needs to be informed.
Regulation (EU) 2022/2554, Article 14, Article 14
- Obligated entity
-
financial entities
- Sector scope
- financial sector
- Action required
-
implement
- Deadline
-
—
- Penalty
-
—
Obligation 3
At least one person in the financial entity shall be tasked with implementing the communication strategy for ICT-related incidents and fulfil the public and media function for that purpose.
Regulation (EU) 2022/2554, Article 14, Article 14
- Obligated entity
-
financial entities
- Sector scope
- financial sector
- Action required
-
task
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 14
Who must comply with Article 14 of the DORA?
+
financial entities.
What does Article 14 of the DORA require?
+
have in place implement task