CELEX:32024R1745R(10)

This is a corrigendum to the Commission Delegated Regulation (EU) 2024/1745, which supplements the Digital Operational Resilience Act (DORA) regarding ICT risk management. Published on 29 April 2026, it corrects technical errors in the original text, specifically in the annexes related to the classification of ICT incidents and the reporting templates. The changes are minor and editorial in nature, ensuring that the regulatory text accurately reflects the intended requirements for incident reporting and threat-led penetration testing.

The corrigendum affects all financial entities subject to DORA, including banks, investment firms, payment institutions, insurance companies, and critical ICT third-party service providers. It does not introduce new obligations but clarifies existing ones, so any entity that has already implemented DORA-compliant incident reporting procedures should verify that their internal templates and classification criteria align with the corrected annexes.

Compliance teams should immediately review the corrected annexes in the corrigendum and update their internal incident classification and reporting documentation accordingly. They should also ensure that any automated reporting systems or third-party vendor tools are reconfigured to match the corrected templates. No new implementation timeline is provided, as this is a correction of existing law, so teams should treat this as an immediate compliance requirement.