CELEX:32024R1689R(04)

This is a corrigendum to the Digital Operational Resilience Act (DORA), specifically correcting errors in the original text of Regulation (EU) 2024/1689. The corrections address technical inaccuracies in the legal provisions, likely related to definitions, reporting timelines, or procedural requirements for ICT risk management and incident reporting. No new obligations are introduced; the changes clarify existing rules to ensure consistent interpretation across member states.

All financial entities subject to DORA are affected, including banks, investment firms, payment institutions, insurance companies, and critical ICT third-party service providers. The corrigendum applies uniformly across the EU financial sector, with no sector-specific exemptions. Compliance teams should verify that their internal policies, contracts, and incident reporting procedures align with the corrected text, particularly if they rely on specific articles or annexes that were amended.

Compliance teams should immediately review the corrigendum against their current DORA implementation plans. Update any affected documentation, such as risk management frameworks, contractual clauses with ICT providers, and incident notification templates. Ensure that staff training materials reflect the corrected language. Finally, monitor the European Supervisory Authorities’ guidance for any further clarifications tied to these corrections.