# Art. 1 — Subject matter 1. In order to achieve a high common level of [digital operational resilience](https://www.mica.wtf/definitions/definitions/dora/digital-operational-resilience), this Regulation lays down uniform requirements concerning the [security of network and information systems](https://www.mica.wtf/definitions/definitions/dora/security-of-network-and-information-systems) supporting the business processes of financial entities as follows: 1. requirements applicable to financial entities in relation to: 1. information and communication technology (ICT) risk management; 2. reporting of [major ICT-related incidents](https://www.mica.wtf/definitions/definitions/dora/major-ict-related-incident) and notifying, on a voluntary basis, [significant cyber threats](https://www.mica.wtf/definitions/definitions/dora/significant-cyber-threat) to the competent authorities; 3. reporting of [major operational or security payment-related incidents](https://www.mica.wtf/definitions/definitions/dora/major-operational-or-security-payment-related-incident) to the competent authorities by financial entities referred to in [Article 2(1)](/dora/digital-operational-resilience-act/chapter-i-general-provisions/article-2-scope.md), points (a) to (d); 4. [digital operational resilience](https://www.mica.wtf/definitions/definitions/dora/digital-operational-resilience) testing; 5. information and intelligence sharing in relation to [cyber threats](https://www.mica.wtf/definitions/definitions/dora/cyber-threat) and [vulnerabilities](https://www.mica.wtf/definitions/definitions/dora/vulnerability); 6. measures for the sound management of [ICT third-party risk](https://www.mica.wtf/definitions/definitions/dora/ict-third-party-risk); 2. requirements in relation to the contractual arrangements concluded between [ICT third-party service providers](https://www.mica.wtf/definitions/definitions/dora/ict-third-party-service-provider) and financial entities; 3. rules for the establishment and conduct of the Oversight Framework for [critical ICT third-party service providers](https://www.mica.wtf/definitions/definitions/dora/critical-ict-third-party-service-provider) when providing services to financial entities; 4. rules on cooperation among competent authorities, and rules on supervision and enforcement by competent authorities in relation to all matters covered by this Regulation. 2. In relation to financial entities identified as essential or important entities pursuant to national rules transposing Article 3 of Directive (EU) 2022/2555, this Regulation shall be considered a sector-specific Union legal act for the purposes of Article 4 of that Directive. 3. This Regulation is without prejudice to the responsibility of Member States' regarding essential State functions concerning public security, defence and national security in accordance with Union law. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.mica.wtf/dora/digital-operational-resilience-act/chapter-i-general-provisions/article-1-subject-matter.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.