Article 19: Reporting of major ICT-related incidents
Last updated: 1 authoritative sourceDORA Auditor Editorial Team
Article 19 requires financial entities to report major ICT-related incidents to the relevant competent authority through a harmonised process: an initial notification, an intermediate report, and a final report, on deadlines set in the technical standards.
Chapter III, ICT-related incident management · Pillar: ICT Incident Reporting
Key points
- Mandates reporting of major incidents to competent authorities
- Three-stage flow: initial, intermediate, final report
- Uses harmonised templates and deadlines
How this fits DORA
Article 19 sits within the ICT Incident Reporting pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.
Read the official text
This is an editorial summary. Read the binding text of Article 19 in the consolidated regulation on EUR-Lex.