Data & Privacy
- Data Act
- Data Governance Act
- ePrivacy Directive
- GDPR
AI & Trust
- Artificial Intelligence Act
Cybersecurity
- Cybersecurity Act
- DORA
- NIS2
Digital Services & Media
- Digital Markets Act
- Digital Services Act
- European Media Freedom Act
Digital Operational Resilience Act
- Recitals
CHAPTER I
General provisionsArticles 1 — 4
CHAPTER II
ICT risk managementArticles 5 — 16
CHAPTER III
ICT-related incident management, classification and reportingArticles 17 — 23
CHAPTER IV
Digital operational resilience testingArticles 24 — 27
CHAPTER V
Managing of ICT third-party riskArticles 28 — 44
CHAPTER VI
Information-sharing arrangementsArticles 45 — 45
CHAPTER VII
Competent authoritiesArticles 46 — 56
CHAPTER VIII
Delegated actsArticles 57 — 57
CHAPTER IX
Transitional and final provisionsArticles 58 — 64
DORA Article 49. Financial cross-sector exercises, communication and cooperation
- 1.The ESAs, through the Joint Committee and in collaboration with competent authorities, resolution authorities as referred to in Article 3 of Directive 2014/59/EU, the ECB, the Single Resolution Board as regards information relating to entities falling under the scope of Regulation (EU) No 806/2014, the ESRB and ENISA, as appropriate, may establish mechanisms to enable the sharing of effective practices across financial sectors to enhance situational awareness and identify common cyber vulnerabilities and risks across sectors. They may develop crisis management and contingency exercises involving cyber-attack scenarios with a view to developing communication channels and gradually enabling an effective coordinated response at Union level in the event of a major cross-border ICT-related incident or related threat having a systemic impact on the Union’s financial sector as a whole. Those exercises may, as appropriate, also test the financial sector’s dependencies on other economic sectors.
- 2.Competent authorities, ESAs and the ECB shall cooperate closely with each other and exchange information to carry out their duties pursuant to Articles 47 to 54. They shall closely coordinate their supervision in order to identify and remedy breaches of this Regulation, develop and promote best practices, facilitate collaboration, foster consistency of interpretation and provide cross-jurisdictional assessments in the event of any disagreements.
Relevant Recitals for this Article
To leverage the multi-layered institutional architecture in the financial services area, the Joint Committee of the ESAs should continue to ensure overall cross-sectoral coordination in relation to all matters pertaining to ICT risk, in accordance with its tasks on cybersecurity. It should be supported by a new Subcommittee (the ‘Oversight Forum’) carrying out preparatory work both for the individual decisions addressed to critical ICT third-party service providers, and for the issuing of collective recommendations, in particular in relation to benchmarking the oversight programmes for critical ICT third-party service providers, and identifying best practices for addressing ICT concentration risk issues.