CELEX:32024R1991R(05)

AI Analysis

This corrigendum, published on 13 May 2026, corrects technical errors in the original Digital Operational Resilience Act (DORA) Delegated Regulation 2024/1991, which specifies criteria for classifying ICT-related incidents and establishing thresholds for major incidents. The corrections clarify reporting obligations and align definitions with the parent regulation, ensuring consistent application across the financial sector.

The change affects all financial entities subject to DORA, including banks, investment firms, payment institutions, insurance companies, and critical ICT third-party service providers. These organisations must review their incident classification and reporting processes to ensure they reflect the corrected thresholds and definitions, as non-compliance could lead to regulatory penalties.

Compliance teams should immediately update their internal incident management policies and procedures to incorporate the corrigendum’s clarifications. They should also retrain relevant staff on the revised classification criteria and verify that their reporting templates and automated systems align with the corrected text. Finally, teams should monitor for any further guidance from competent authorities on implementation timelines.