Compliance Library Blog Product Sign In
EU-DORA-19-11 Requirement 19 — Reporting of major ICT-related incidents and voluntary notification of significant cyber threats

Remain responsible for reporting when outsourcing to third party

Description

When financial entities outsource reporting obligations to a third-party service provider, they must remain fully responsible for fulfilling the incident reporting requirements.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Sign In to View

Related Obligations

EU-DORA-19-01 Reporting

Report major ICT-related incidents to competent authority
EU-DORA-19-02 Reporting

Report major ICT incidents to ECB (significant credit institutions)
EU-DORA-19-03 Documentation

Produce initial notification and reports using templates
EU-DORA-19-04 Requirement

Use alternative notification means when template submission impossible
EU-DORA-19-05 Transparency

Include significance and cross-border impact information in reports
EU-DORA-19-06 Transparency

Inform clients about major ICT incidents without undue delay
EU-DORA-19-07 Transparency

Inform clients about protection measures for cyber threats
EU-DORA-19-08 Reporting

Submit initial notification within prescribed time limits
EU-DORA-19-09 Reporting

Submit intermediate reports upon status changes
EU-DORA-19-10 Reporting

Submit final report after root cause analysis completion

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started