Skip to main content
DORA Auditor

Article 5: Governance and organisation

Last updated: 1 authoritative sourceDORA Auditor Editorial Team

Article 5 places ultimate responsibility for managing ICT risk on the management body of the financial entity. The board must define, approve, and oversee the ICT risk-management framework and maintain sufficient ICT knowledge.

Chapter II, ICT risk management · Pillar: ICT Risk Management

Key points

  • Management body bears ultimate accountability for ICT risk
  • Board must approve and oversee the ICT risk-management framework
  • Requires adequate ICT knowledge at board level

How this fits DORA

Article 5 sits within the ICT Risk Management pillar. For the full set of obligations and how they interlock, see the DORA requirements overview.

Read the official text

This is an editorial summary. Read the binding text of Article 5 in the consolidated regulation on EUR-Lex.

Sources

  1. Regulation (EU) 2022/2554 (DORA), EUR-Lex