Art 17 - ICT-related incident management process

Article 17 of the EU Digital Operational Resilience Act obliges financial entities to set up a documented ICT-related incident management process covering detection, classification, response, recovery and reporting. It requires timely notification to competent authorities, coordination with third-party providers and regular testing to ensure resilience against cyber and system disruptions.