CELEX:32024R3005R(01)

On 5 May 2026, the European Commission published a corrigendum to the Digital Operational Resilience Act (DORA), formally referenced as CELEX:32024R3005R(01). This correction addresses technical errors in the original regulation, including misaligned cross-references, typographical errors, and inconsistencies in definitions related to ICT risk management and incident reporting. The corrigendum does not introduce new substantive obligations but ensures the legal text is accurate and enforceable as intended.

All financial entities subject to DORA are affected, including banks, investment firms, payment institutions, insurance companies, and critical ICT third-party service providers. The corrigendum clarifies obligations for these entities, particularly around the classification of ICT incidents, testing of digital resilience, and the management of third-party risk. Any organization that has already implemented DORA compliance measures should review their internal policies to ensure alignment with the corrected text.

Compliance teams should immediately verify that their current DORA implementation references the corrected version of the regulation. They should update internal documentation, training materials, and incident reporting templates to reflect any revised definitions or cross-references. Additionally, teams should monitor for any subsequent regulatory technical standards that may be impacted by this corrigendum, and ensure that contractual agreements with ICT providers are consistent with the corrected requirements.