Chapter IV - Digital Operational Resilience Testing

Chapter IV of the Digital Operational Resilience Act sets out requirements for testing the robustness of ICT systems in the financial sector. It obliges firms to carry out regular, structured testing-including threat-led penetration testing and scenario-based assessments-to verify that they can withstand cyber-incidents and operational disruptions, and to report results to competent authorities.