§ DORA · Article 22
DORA Article 22: Obligations, Deadlines & Penalties
At a glance
Article 22 of the DORA imposes 3 obligations on ESAs, competent authority. At least one obligation carries an explicit compliance deadline.
§ Obligations
All obligations under Article 22
Obligation 1
The competent authority shall acknowledge receipt of the initial notification and each report referred to in Article 19(4).
Regulation (EU) 2022/2554, Article 22, Article 22
- Obligated entity
-
competent authority
- Sector scope
- financial sector
- Action required
-
acknowledge
- Deadline
-
—
- Penalty
-
—
Obligation 2
The ESAs shall, through the Joint Committee, report yearly on major ICT-related incidents on an anonymised and aggregated basis, including details provided by competent authorities.
Regulation (EU) 2022/2554, Article 22, Article 22
- Obligated entity
-
ESAs
- Sector scope
- financial sector
- Action required
-
report
- Deadline
-
yearly
- Penalty
-
—
Obligation 3
The ESAs shall issue warnings and produce high-level statistics to support ICT threat and vulnerability assessments.
Regulation (EU) 2022/2554, Article 22, Article 22
- Obligated entity
-
ESAs
- Sector scope
- financial sector
- Action required
-
issue
- Deadline
-
—
- Penalty
-
—
§ Frequently asked
Questions about Article 22
Who must comply with Article 22 of the DORA?
+
ESAs, competent authority.
What does Article 22 of the DORA require?
+
acknowledge report issue
What is the compliance deadline for DORA Article 22?
+
yearly