1.   By 17 January 2028, the Commission shall, after consulting the ESAs and the ESRB, as appropriate, carry out a review and submit a report to the European Parliament and the Council, accompanied, where appropriate, by a legislative proposal. The review shall include at least the following: (a) the criteria for the designation of critical ICT third-party service providers in accordance with Article 31(2); (b) the voluntary nature of the notification of significant cyber threats referred to in Article 19; (c) the regime referred to in Article 31(12) and the powers of the Lead Overseer provided for in Article 35(1), point (d), point (iv), first indent, with a view to evaluating … Continue reading Article 58 DORA – Review clauseRead More →