# Art. 22 — Supervisory feedback 1. Without prejudice to the technical input, advice or remedies and subsequent follow-up which may be provided, where applicable, in accordance with national law, by the CSIRTs under Directive (EU) 2022/2555, the competent authority shall, upon receipt of the initial notification and of each report as referred to in [Article 19(4)](/dora/digital-operational-resilience-act/chapter-iii-ict-related-incident-classification-reporting/article-19-reporting-of-major-incidents.md), acknowledge receipt and may, where feasible, provide in a timely manner relevant and proportionate feedback or high-level guidance to the financial entity, in particular by making available any relevant anonymised information and intelligence on similar threats, and may discuss remedies applied at the level of the financial entity and ways to minimise and mitigate adverse impact across the financial sector. Without prejudice to the supervisory feedback received, financial entities shall remain fully responsible for the handling and for consequences of the [ICT-related incidents](https://www.mica.wtf/definitions/definitions/dora/ict-related-incident) reported pursuant to [Article 19(1)](/dora/digital-operational-resilience-act/chapter-iii-ict-related-incident-classification-reporting/article-19-reporting-of-major-incidents.md). 2. The ESAs shall, through the [Joint Committee](https://www.mica.wtf/definitions/definitions/dora/joint-committee), on an anonymised and aggregated basis, report yearly on [major ICT-related incidents](https://www.mica.wtf/definitions/definitions/dora/major-ict-related-incident), the details of which shall be provided by competent authorities in accordance with [Article 19(6)](/dora/digital-operational-resilience-act/chapter-iii-ict-related-incident-classification-reporting/article-19-reporting-of-major-incidents.md), setting out at least the number of [major ICT-related incidents](https://www.mica.wtf/definitions/definitions/dora/major-ict-related-incident), their nature and their impact on the operations of financial entities or clients, remedial actions taken and costs incurred. The ESAs shall issue warnings and produce high-level statistics to support ICT threat and [vulnerability](https://www.mica.wtf/definitions/definitions/dora/vulnerability) assessments. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.mica.wtf/dora/digital-operational-resilience-act/chapter-iii-ict-related-incident-classification-reporting/article-22-supervisory-feedback.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.