Skip to main content
DORA Auditor

DORA Incident Classifier

Answer the classification criteria below to estimate whether an ICT-related incident is major and reportable under DORA Articles 17–19, and see the reporting timeline.

Are critical or important functions/services affected?

Are critical or important functions/services affected?Gating criterion

Services whose disruption would materially impair the entity's financial performance or the soundness/continuity of its services.

Are clients or financial counterparts materially affected?

Are clients or financial counterparts materially affected?

e.g. above the RTS thresholds on the number/share of clients, counterparts, or transactions affected.

Is duration ≥ 24 hours or service downtime ≥ 2 hours?

Is duration ≥ 24 hours or service downtime ≥ 2 hours?

Time from the incident occurring to recovery, and downtime of an affected service.

Does it affect two or more EU member states?

Does it affect two or more EU member states?

Geographical spread of the incident's impact.

Are there data losses (availability, integrity, confidentiality, authenticity)?

Are there data losses (availability, integrity, confidentiality, authenticity)?

Any impact on data that has an adverse effect on the entity or its clients.

Does the economic impact reach the RTS threshold (≈ €100,000)?

Does the economic impact reach the RTS threshold (≈ €100,000)?

Direct and indirect costs and losses attributable to the incident.

Is there a material reputational impact?

Is there a material reputational impact?

e.g. media coverage, complaints, or loss of counterparties/clients beyond the incident itself.

This estimator is for educational guidance only and does not constitute a regulatory determination. Classify incidents against the applicable RTS and your competent authority's guidance.