DORA-Art23-P1

Article
23 (1)
Pillar
ICT Incident Detection & Reporting
Regulation Ref
Regulation (EU) 2022/2554, Article 23(1)
Last Reviewed
2026-01-15

Financial entities may, on a voluntary basis, notify significant cyber threats to the relevant competent authority when they deem the threat to be of relevance to the financial system, service users or clients.

Evidence Profiles

Voluntary Cyber Threat Notification RARE

XML-structured notification for voluntary reporting of significant cyber threats to competent authorities as permitted by DORA Article 23.

Formats
XML
Evidence Class
cyber-threat-notification
Availability
RARE
Update Frequency
event-driven
Typical Author
Threat Intelligence Analyst
Approval Chain
Threat Intelligence Analyst → CISO

Content Sections

Expected Fields

Common Quality Issues

Fact Schemas

cyber_threat_notification_status

Schema ID
fs-cyber-threat-notification
Control
DORA-Art23-P1

Valid Ranges

notification_date
timely relative to threat discovery
ioc_count
at least 1 for actionable notification

JSON Schema

{
  "properties": {
    "has_indicators_of_compromise": {
      "type": "boolean"
    },
    "ioc_count": {
      "minimum": 0,
      "type": "integer"
    },
    "mitigations_recommended": {
      "type": "boolean"
    },
    "notification_date": {
      "format": "date",
      "type": "string"
    },
    "potential_impact_assessed": {
      "type": "boolean"
    },
    "shared_with_community": {
      "type": "boolean"
    },
    "threat_severity": {
      "enum": [
        "low",
        "medium",
        "high",
        "critical"
      ],
      "type": "string"
    },
    "threat_type": {
      "enum": [
        "ransomware",
        "ddos",
        "supply_chain",
        "phishing",
        "insider_threat",
        "zero_day",
        "other"
      ],
      "type": "string"
    }
  },
  "required": [
    "notification_date",
    "threat_type",
    "threat_severity",
    "has_indicators_of_compromise"
  ],
  "type": "object"
}