DORA Amending Directive – (EU) 2022/2556
Directive (EU) 2022/2556 of the European Parliament and of the Council of 14 December 2022 amending Directives 2009/65/EC, 2009/138/EC, 2011/61/EU, 2013/36/EU, 2014/59/EU, 2014/65/EU, (EU) 2015/2366 and (EU) 2016/2341 as regards digital operational resilience for the financial sector
Abstract
This Directive amends multiple EU financial-services directives to ensure legal clarity and consistency with the digital operational resilience requirements set out in Regulation (EU) 2022/2554 (DORA). It aligns sectoral governance, ICT risk management, business continuity, incident reporting, and related supervisory expectations across the internal market.
Key Takeaways
- Aligns ICT risk governance and operational resilience obligations in several sectoral directives with Regulation (EU) 2022/2554 (DORA).
- Requires contingency and business continuity arrangements in relevant sectors to explicitly include ICT business continuity as well as ICT response and recovery plans aligned to DORA requirements.
- Adjusts supervisory and resilience-related provisions to explicitly take account of ICT-related incident information and digital operational resilience testing performed under DORA.
- Streamlines incident reporting for payment service providers subject to DORA by removing duplicative PSD2 incident reporting obligations so a single harmonised mechanism applies.
- Sets a transposition deadline for Member States (by 17 January 2025) and requires application from the same date as DORA’s application.
Keywords
Need DORA-Aligned AI Architecture?
We build AI systems that satisfy DORA requirements from day one. Audit trails, governance, exit readiness - built in, not bolted on.
Schedule Architecture Reviewviktor@intellectumlab.com | Response within 24 hours