§ DORA · Article 15
DORA Article 15: Obligations, Deadlines & Penalties
At a glance
Article 15 of the DORA imposes 4 obligations on Commission, ESAs. At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 15
Obligation 1
The ESAs shall, through the Joint Committee and in consultation with ENISA, develop common draft regulatory technical standards to specify further elements of ICT security policies, access management controls, incident detection mechanisms, business continuity policies, testing scenarios, response plans, and risk management review reports.
Regulation (EU) 2022/2554, Article 15, Article 15
- Obligated entity
-
ESAs
- Action required
-
develop
- Deadline
-
—
- Penalty
-
—
Obligation 2
When developing the draft regulatory technical standards, the ESAs shall take into account the size and overall risk profile of the financial entity, as well as the nature, scale, and complexity of its services, activities, and operations.
Regulation (EU) 2022/2554, Article 15, Article 15
- Obligated entity
-
ESAs
- Action required
-
take into account
- Deadline
-
—
- Penalty
-
—
Obligation 3
The ESAs shall submit the draft regulatory technical standards to the Commission by 17 January 2024.
Regulation (EU) 2022/2554, Article 15, Article 15
- Obligated entity
-
ESAs
- Action required
-
submit
- Deadline
-
17 January 2024
- Penalty
-
—
Obligation 4
The Commission shall supplement the Regulation by adopting the regulatory technical standards referred to in the first paragraph in accordance with the specified procedures.
Regulation (EU) 2022/2554, Article 15, Article 15
- Obligated entity
-
Commission
- Action required
-
adopt
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 15
Who must comply with Article 15 of the DORA?
+
Commission, ESAs.
What does Article 15 of the DORA require?
+
develop take into account submit
What is the compliance deadline for DORA Article 15?
+
17 January 2024