CELEX:32024R1942R(01)

This corrigendum corrects errors in the original text of the Digital Operational Resilience Act (DORA) Delegated Regulation 2024/1942, which specifies criteria for classifying ICT-related incidents. The corrections address technical inaccuracies in the annexes, particularly regarding thresholds for determining major incidents and reporting timelines. No new obligations are introduced; the changes ensure the regulation aligns with the intended legal framework.

All financial entities subject to DORA are affected, including banks, investment firms, payment institutions, and insurance companies. The corrigendum applies uniformly across the EU financial sector, with no sector-specific exemptions. Compliance teams must verify that their incident classification and reporting processes reference the corrected annexes, not the original erroneous version.

Compliance teams should immediately update internal documentation, incident response playbooks, and reporting templates to reflect the corrected thresholds. Review any incident reports submitted since the original regulation’s entry into force to ensure they align with the corrected criteria. Finally, brief relevant staff on the changes to avoid misclassification of future incidents.