CELEX:32024R2076R(07)

This is a corrigendum, published on 20 April 2026, correcting the original text of Commission Delegated Regulation (EU) 2024/2076, which supplements the Digital Operational Resilience Act (DORA). The correction addresses technical errors in the regulatory technical standards (RTS) concerning the classification of ICT-related incidents and the reporting thresholds for major incidents. Specifically, it clarifies the calculation methodology for determining whether an incident meets the “significant impact” criteria, and corrects inconsistencies in the annexes related to incident reporting templates.

All financial entities subject to DORA are affected, including banks, investment firms, payment institutions, insurance and reinsurance undertakings, and critical ICT third-party service providers. The corrigendum does not introduce new obligations but ensures the correct interpretation of existing reporting requirements, which apply to entities across all EU member states.

Compliance teams should immediately review the corrected text to ensure their incident classification and reporting processes align with the updated thresholds and calculation methods. Update internal policies, incident response playbooks, and any automated reporting tools to reflect the corrected definitions. Finally, verify that staff responsible for incident reporting are aware of these clarifications to avoid misreporting or regulatory penalties.