Skip to main content
DORA Auditor

Article 19: Reporting of major ICT-related incidents

Last updated: 1 authoritative sourceDORA Auditor Editorial Team

Article 19 requires financial entities to report major ICT-related incidents to the relevant competent authority through a harmonised process: an initial notification, an intermediate report, and a final report, on deadlines set in the technical standards.

Chapter III, ICT-related incident management · Pillar: ICT Incident Reporting

Key points

  • Mandates reporting of major incidents to competent authorities
  • Three-stage flow: initial, intermediate, final report
  • Uses harmonised templates and deadlines

How this fits DORA

Article 19 sits within the ICT Incident Reporting pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.

Read the official text

This is an editorial summary. Read the binding text of Article 19 in the consolidated regulation on EUR-Lex.

Sources

  1. Regulation (EU) 2022/2554 (DORA), EUR-Lex