DORA ICT Incident Reporting — Article 19 + classification RTS
75% covered.
4 requirements · 3 enforced · 0 designed · 0 advisory · 0 deferred.
Source: The Digital Operational Resilience Act (Regulation (EU) 2022/2554) requires financial entities to detect, manage, classify, and report major ICT-related incidents to competent authorities (Article 19), on a staged initial / intermediate / final report timeline, with root-cause analysis. KYE Protocol™ governs whether an AI-assisted containment action / incident classification / disclosure-timing decision under DORA may PROCEED to a consequential incident action — under a named accountable officer's authority, with chain-of-custody recorded for incident evidence, with a signed Evidence Pack, and a contestability record so the decision can be reconstructed and challenged. KYE does not detect the threat, run the SIEM/EDR, perform forensics, or determine the technical response.

License: DORA is an EU legislative act published in the Official Journal of the European Union; KYE registry paraphrases each requirement's intent and cites the official article identifier for mapping purposes only.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| Named-authority on the containment / response action | 1 | 1 | 0 | 0 | 0 | 100% |
| Incident-evidence chain-of-custody & report integrity | 1 | 1 | 0 | 0 | 0 | 100% |
| Disclosure-timing authority on the staged reporting clock | 1 | 1 | 0 | 0 | 0 | 100% |
| Threat detection, forensics & remediation engineering | 1 | 0 | 0 | 0 | 0 | 0% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
| dora-ict-incident.containment-action-authority | An AI-assisted containment / response action proceeds only under a recorded named-authority decision | enforced | audit_events: kye.purpose.request.v1, kye.purpose.admissibility.v1, kye.evidence.decision_map.v1; engines: internal, internal; rule_packs: kye:rule-pack:cyber-resilience-incident; dictionaries: internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| dora-ict-incident.incident-evidence-integrity | Incident evidence proceeds only with a recorded chain-of-custody and integrity record | enforced | audit_events: kye.evidence.decision_map.v1, kye.evidence.pack.v1; engines: internal; rule_packs: kye:rule-pack:cyber-resilience-incident; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| dora-ict-incident.staged-report-timing-authority | Disclosure-timing on the staged reporting clock proceeds only under a recorded named-authority decision, contestable in a post-incident inquiry | enforced | audit_events: kye.purpose.admissibility.v1, kye.evidence.pack.v1, kye.replay.context_seal.v1, kye.replay.proof.v1; engines: internal, internal, internal; rule_packs: kye:rule-pack:cyber-resilience-incident; constitution_refs: constitution/13-RESILIENCE-LOOP.md, constitution/21-DELEGATED-AUDITABILITY.md |
| dora-ict-incident.threat-detection-forensics-remediation | Threat detection, forensics, and remediation engineering | out-of-scope | (no enforcement cited) |