§ DORA · Article 22

DORA Article 22: Obligations, Deadlines & Penalties

Regulation (EU) 2022/2554, Article 22 · All obligations · DORA
At a glance
Article 22 of the DORA imposes 3 obligations on ESAs, competent authority. At least one obligation carries an explicit compliance deadline.
§ Obligations

All obligations under Article 22

Obligation 1
The competent authority shall acknowledge receipt of the initial notification and each report referred to in Article 19(4). Regulation (EU) 2022/2554, Article 22, Article 22
Obligated entity
competent authority
Sector scope
financial sector
Action required
acknowledge
Deadline
Penalty
Obligation 2
The ESAs shall, through the Joint Committee, report yearly on major ICT-related incidents on an anonymised and aggregated basis, including details provided by competent authorities. Regulation (EU) 2022/2554, Article 22, Article 22
Obligated entity
ESAs
Sector scope
financial sector
Action required
report
Deadline
yearly
Penalty
Obligation 3
The ESAs shall issue warnings and produce high-level statistics to support ICT threat and vulnerability assessments. Regulation (EU) 2022/2554, Article 22, Article 22
Obligated entity
ESAs
Sector scope
financial sector
Action required
issue
Deadline
Penalty
§ Frequently asked

Questions about Article 22

Who must comply with Article 22 of the DORA? +
ESAs, competent authority.
What does Article 22 of the DORA require? +
acknowledge report issue
What is the compliance deadline for DORA Article 22? +
yearly
Need a cross-border briefing on DORA Article 22?
Search Fontvera ↵
All EU obligation pages  ·  All DORA articles