Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022
On digital operational resilience for the financial sector
and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance)
- Recitals
CHAPTER I — General provisions
CHAPTER II — ICT risk management
Section I
Section II
- Article 6 — ICT risk management framework
- Article 7 — ICT systems, protocols and tools
- Article 8 — Identification
- Article 9 — Protection and prevention
- Article 10 — Detection
- Article 11 — Response and recovery
- Article 12 — Backup policies and procedures, restoration and recovery procedures and methods
- Article 13 — Learning and evolving
- Article 14 — Communication
- Article 15 — Further harmonisation of ICT risk management tools, methods, processes and policies
- Article 16 — Simplified ICT risk management framework
CHAPTER III — ICT-related incident management, classification and reporting
- Article 17 — ICT-related incident management process
- Article 18 — Classification of ICT-related incidents and cyber threats
- Article 19 — Reporting of major ICT-related incidents and voluntary notification of significant cyber threats
- Article 20 — Harmonisation of reporting content and templates
- Article 21 — Centralisation of reporting of major ICT-related incidents
- Article 22 — Supervisory feedback
- Article 23 — Operational or security payment-related incidents concerning credit institutions, payment institutions, account information service providers, and electronic money institutions
CHAPTER IV — Digital operational resilience testing
CHAPTER V — Managing of ICT third-party risk
Section I — Key principles for a sound management of ICT third-party risk
Section II — Oversight Framework of critical ICT third-party service providers
- Article 31 — Designation of critical ICT third-party service providers
- Article 32 — Structure of the Oversight Framework
- Article 33 — Tasks of the Lead Overseer
- Article 34 — Operational coordination between Lead Overseers
- Article 35 — Powers of the Lead Overseer
- Article 36 — Exercise of the powers of the Lead Overseer outside the Union
- Article 37 — Request for information
- Article 38 — General investigations
- Article 39 — Inspections
- Article 40 — Ongoing oversight
- Article 41 — Harmonisation of conditions enabling the conduct of the oversight activities
- Article 42 — Follow-up by competent authorities
- Article 43 — Oversight fees
- Article 44 — International cooperation
CHAPTER VI — Information-sharing arrangements
CHAPTER VII — Competent authorities
- Article 46 — Competent authorities
- Article 47 — Cooperation with structures and authorities established by Directive (EU) 2022/2555
- Article 48 — Cooperation between authorities
- Article 49 — Financial cross-sector exercises, communication and cooperation
- Article 50 — Administrative penalties and remedial measures
- Article 51 — Exercise of the power to impose administrative penalties and remedial measures
- Article 52 — Criminal penalties
- Article 53 — Notification duties
- Article 54 — Publication of administrative penalties
- Article 55 — Professional secrecy
- Article 56 — Data Protection
CHAPTER VIII — Delegated acts
CHAPTER IX — Transitional and final provisions
Section I
Section II — Amendments
- Article 59 — Amendments to Regulation (EC) No 1060/2009
- Article 60 — Amendments to Regulation (EU) No 648/2012
- Article 61 — Amendments to Regulation (EU) No 909/2014
- Article 62 — Amendments to Regulation (EU) No 600/2014
- Article 63 — Amendment to Regulation (EU) 2016/1011
- Article 64 — Entry into force and application
- Final