Information Sharing under DORA
Last updated: 1 authoritative sourceDORA Auditor Editorial Team
DORA's information-sharing pillar (Article 45) enables, but does not mandate, financial entities to exchange cyber threat information and intelligence within trusted communities to strengthen collective resilience.
What can be shared
Indicators of compromise, tactics, techniques and procedures, alerts, and configuration tools, provided the exchange protects confidentiality, complies with data-protection law, and is governed by clear arrangements.
Frequently asked questions
Is information sharing mandatory under DORA?
No. Article 45 makes it voluntary, within trusted arrangements that protect confidentiality and comply with GDPR.