Chapter VII — Competent authorities
Competent authorities
Summary
Identifies and designates the competent authorities responsible for ensuring and monitoring compliance with DORA by financial entities within each Member State. Establishes the allocation of supervisory responsibilities across national regulators.
Key Requirements
- 1
Member States must designate competent authorities for DORA supervision
- 2
Competent authorities must have all necessary powers for their tasks
- 3
Allocation of supervisory responsibilities for different entity types
- 4
Member States must notify designated authorities to the Commission and ESAs
Detailed Analysis
Article 46 designates the competent authorities responsible for supervising compliance with DORA across Member States. Each Member State must identify which national authorities are responsible for overseeing the various types of financial entities within its jurisdiction, ensuring that every in-scope entity has a clearly identified supervisor for DORA purposes.
The article recognizes that different types of financial entities may fall under different national supervisory authorities. For example, credit institutions may be supervised by central banks or dedicated banking supervisors, while insurance undertakings fall under insurance supervisory authorities. DORA requires Member States to clearly allocate these responsibilities and communicate them to the European Commission and the relevant ESAs.
Competent authorities must be granted all the powers necessary to carry out their supervisory tasks under DORA. This includes the ability to assess ICT risk management frameworks, evaluate incident reporting compliance, review third-party risk management arrangements, and verify digital operational resilience testing programmes. The article ensures that supervisory mandates are comprehensive and that no gaps exist in the oversight architecture.
Ready to automate compliance with Article 46?
Valendir maps every DORA requirement to actionable controls, evidence, and workflows.