Skip to main content
DORA Auditor

Article 3: Definitions

Last updated: 1 authoritative sourceDORA Auditor Editorial Team

Article 3 defines the key terms used throughout DORA, including 'ICT risk', 'ICT-related incident', 'critical or important function', and, at Article 3(21), 'ICT third-party service provider'. These definitions anchor the scope of every subsequent obligation.

Chapter I, General provisions

Key points

  • Defines ICT risk and ICT-related incident
  • Defines 'critical or important function'
  • Article 3(21) defines ICT third-party service provider

Read the official text

This is an editorial summary. Read the binding text of Article 3 in the consolidated regulation on EUR-Lex.

Sources

  1. Regulation (EU) 2022/2554 (DORA), EUR-Lex