Exercise of the power to impose administrative penalties and remedial measures


TL;DR The Digital Operations Resilience Act from EU outlines the process for competent authorities to exercise their powers to impose administrative penalties and remedial measures, such as directly, in collaboration with other authorities, under their responsibility by delegation to other authorities, or through judicial authorities. When determining the type and level of an administrative penalty or remedial measure, the authority must consider the extent of the breach, the responsible natural or legal person's responsibility, profits gained or avoided, and any losses to third parties. Additionally, the authority may consider a person's level of cooperation and any prior breaches.
  1. Competent authoritiesas defined in Article 46 shall exercise the powers to impose administrative penalties and remedial measures referred to in Article 50 in accordance with their national legal frameworks, where appropriate, as follows:

    1. directly;

    2. in collaboration with other authorities;

    3. under their responsibility by delegation to other authorities; or

    4. by application to the competent judicial authorities.

  2. Competent authoritiesas defined in Article 46, when determining the type and level of an administrative penalty or remedial measure to be imposed under Article 50, shall take into account the extent to which the breach is intentional or results from negligence, and all other relevant circumstances, including the following, where appropriate:

    1. the materiality, gravity and the duration of the breach;

    2. the degree of responsibility of the natural or legal person responsible for the breach;

    3. the financial strength of the responsible natural or legal person;

    4. the importance of profits gained or losses avoided by the responsible natural or legal person, insofar as they can be determined;

    5. the losses for third parties caused by the breach, insofar as they can be determined;

    6. the level of cooperation of the responsible natural or legal person with the competent authorityas defined in Article 46, without prejudice to the need to ensure disgorgement of profits gained or losses avoided by that natural or legal person;

    7. previous breaches by the responsible natural or legal person.