CELEX:32024R2952R(02)

This is a corrigendum to the Digital Operational Resilience Act (DORA), specifically correcting a technical error in the original Regulation 2024/2952. The correction addresses a misalignment in the annexes related to the classification of ICT-related incidents and their reporting thresholds. No substantive policy or compliance obligations have changed; the amendment ensures the legal text accurately reflects the intended scope of reporting requirements for major incidents.

The corrigendum affects all financial entities already subject to DORA, including banks, investment firms, payment institutions, insurance companies, and critical ICT third-party service providers. It does not expand the regulated population but clarifies existing obligations for those entities required to report major ICT incidents to competent authorities under Articles 18 and 19 of DORA.

Compliance teams should verify that their incident classification and reporting procedures align with the corrected annexes, particularly the criteria for determining a major incident. No new action is required beyond updating internal documentation and ensuring that any automated reporting systems reference the corrected legal text. Teams should also confirm that their regulatory reporting templates match the amended thresholds to avoid inadvertent non-compliance.