Go to content
Digitale cloudbeveiliging
News 27/06/24

DORA update: Management, classification and reporting of ICT-related incidents

The Dutch Authority for the Financial Markets (AFM) publishes the fourth DORA update in which the substantive aspects of the Digital Operational Resilience Act (DORA) are explained. In this guide we discuss ICT-related incidents. In order to limit the effects of these incidents, it is important that they are adequately detected, handled and reported.

DORA has been in force since January 2023. DORA is a European regulation aimed at helping financial organizations better manage IT risks and thus become more resilient to cyber threats.

Management of ICT-related incidents

In order to limit the effects of ICT-related incidents, it is important that they are adequately detected and handled. This requires a robust management process, consistent classification and registration, and reporting to the regulator. This contributes to greater digital resilience of companies.

This DORA update takes a closer look at the management of ICT incidents, the classification and registration of ICT incidents and the reporting of serious ICT incidents and significant cyber threats.

The requirements applicable to ICT-related incidents are described in the regulation in Chapter III (Article 17-23). In addition, some of the requirements are further elaborated in the RTS for Article 15, 18(3), 20(a) and the ITS for Article 20(b).

Supervision of the regulation

Companies have until January 2025 to comply with the regulations. DORA will then officially apply and the AFM and DNB will supervise the regulation. DORA-related requirements from existing legislation and regulations already apply to some of the companies.

Contact for this article


Would you like to receive the latest news from AFM?

Subscribe to our newsletter, we will keep you up-to-date.