Chapter VII — Competent authorities
Cooperation with structures and authorities established by Directive (EU) 2022/2555
Summary
Requires competent authorities under DORA to cooperate with the authorities and structures established by the NIS 2 Directive (EU) 2022/2555, ensuring coordination between financial sector supervision and broader cybersecurity governance at national and EU level.
Key Requirements
- 1
Cooperation with NIS 2 Directive authorities and CSIRTs
- 2
Information exchange on cyber threats and incidents affecting financial entities
- 3
Coordination to avoid regulatory overlaps between DORA and NIS 2
- 4
Participation in relevant NIS 2 cooperation structures where appropriate
Detailed Analysis
Article 47 establishes the critical cooperation link between DORA and the NIS 2 Directive (EU) 2022/2555 — the EU's horizontal cybersecurity legislation. While DORA is the lex specialis for the financial sector, NIS 2 establishes broader cybersecurity obligations across essential and important sectors. This article ensures that the two frameworks complement rather than conflict with each other.
Competent authorities under DORA must cooperate and exchange information with the authorities designated under NIS 2, including national cybersecurity authorities and Computer Security Incident Response Teams (CSIRTs). This cooperation is essential because cyber threats do not respect sectoral boundaries — an attack targeting financial infrastructure may have indicators visible to national cybersecurity agencies, and vice versa.
The article addresses the practical reality that financial entities may be subject to both DORA and NIS 2 requirements. The cooperation framework ensures that supervisory activities are coordinated to avoid duplicative requirements and that information flows freely between the relevant authorities to maximize the effectiveness of both frameworks.
Ready to automate compliance with Article 47?
Valendir maps every DORA requirement to actionable controls, evidence, and workflows.