What it is
CDOL2 is the second Card Risk Management Data Object List, describing the data the terminal must supply in the second GENERATE ACApplication CryptogramA cryptogram the card generates to approve or decline a transaction: TC (approve offline), ARQC (go online), or AAC (decline). — the one issued after an online authorisation. It usually includes the Authorisation Response Code (8A) and issuer authentication data (91).
Where it appears
Read from the card record files; consumed by the terminal to build GENERATE ACApplication CryptogramA cryptogram the card generates to approve or decline a transaction: TC (approve offline), ARQC (go online), or AAC (decline). (2).
Specification reference
Defined in: EMV 4.x Book 3 (Application Specification), Annex A — Data Element Dictionary