Skip to main content
DORA Auditor

Competent Authority

Last updated: 1 authoritative sourceDORA Auditor Editorial Team

A competent authority is the national supervisor responsible for overseeing a financial entity's compliance with DORA. Article 46 designates which authority supervises each entity type, such as a national central bank, banking regulator, or securities and markets authority, and it is the body to which major ICT incidents are reported.

Detailed explanation

DORA is enforced through the existing network of sectoral supervisors rather than a single new regulator. Article 46 maps each category of financial entity to its competent authority: for example, credit institutions are typically supervised by their national banking authority (or the ECB for significant banks under the Single Supervisory Mechanism), insurers by their insurance regulator, and investment firms and crypto-asset service providers by their national securities and markets authority. Competent authorities receive major-incident reports, can request an entity's register of information, review resilience-testing programmes, conduct inspections, and impose administrative penalties and remedial measures for non-compliance. They coordinate through the European Supervisory Authorities (EBA, ESMA, and EIOPA), which issue the technical standards and guidelines that give DORA its operational detail. This is distinct from the separate EU-level Oversight Framework that applies directly to designated critical ICT third-party providers, where a Lead Overseer, not the national competent authority, holds the oversight powers.

In context

This term relates to the ICT Risk Management pillar and is grounded in DORA Article 46.

Related terms

Sources

  1. DORA Article 46, EUR-Lex