
DORA regulation - What is it and what requirements does it impose?

In the era of intensive digitalization, the financial sector of the European Union faces the challenge of ensuring a high level of security and stability of its services. In an effort to address growing cyber and operational threats, the European Commission has introduced the Digital Operational Resilience Act (DORA) regulation. This legal act is a key component of the digital transformation strategy for the financial sector, aimed at increasing resilience to ICT-related risks.

Contents:

1. What is the DORA regulation?
2. When will DORA come into force?
3. Obligations that DORA brings
4. Benefits of DORA

What is the DORA regulation?

The DORA regulation (the Digital Operational Resilience Act), adopted at the end of 2022, is a European legal act aimed at strengthening the digital operational resilience of the financial sector. Its key objective is to increase the security and stability of the financial market in the European Union by unifying the principles of risk management related to information and communication technologies (ICT).

This regulation imposes obligations on all entities in the financial sector, including banks, insurers, investment funds and financial service providers, obliging them to meet certain requirements regarding cybersecurity and operational risk management. DORA also introduces an EU-wide supervisory framework for key external ICT service providers, with the purpose of ensuring consistency and integrity of operations across the financial market.

When will DORA come into force?

The DORA regulation officially entered into force on January 16, 2023, but its full application will begin on January 17, 2025. In the meantime, there is a 24-month vacatio legis period, which gives financial institutions time to adapt their activities to the new requirements. This transition period allows financial sector entities and ICT service providers to thoroughly understand and implement the DORA provisions. The final date for any adjustment activities is January 17, 2025 - by that date, all entities covered by the regulation must have fully implemented the appropriate mechanisms and procedures in line with its requirements.

Obligations that DORA brings

The DORA regulation obliges financial institutions to:

  1. Create a comprehensive ICT risk management framework that includes cybersecurity policies, business continuity plans and backup strategies;
  2. Regularly test systems and applications to assess their resilience to incidents;
  3. Manage risks associated with external ICT service providers, which requires assessing suppliers' compliance with DORA requirements, conducting audits and certifications, and discontinuing cooperation with suppliers that do not comply with the regulations;
  4. Report serious ICT incidents to the relevant supervisory authorities;
  5. Promote the exchange of information on cyber threats between financial entities.

In order to meet these requirements, institutions must allocate budget and staff resources appropriately and conduct regular staff training. Thanks to this, organizations will strengthen their resistance to threats and build customer trust.

Benefits of DORA

The implementation of the DORA regulation brings numerous benefits to the financial sector. It increases digital security by establishing rigorous ICT risk management standards and incident reporting requirements. Financial institutions gain a comprehensive legal framework to help them prepare for cyber threats and minimize their risks. DORA increases the transparency of the activities of external ICT service providers and promotes the exchange of information on cyber threats, creating a stronger support network between financial entities. Unifying regulation at the EU level increases consumer and investor confidence in the financial system, which promotes its stability and development.

Don't waste time auditing and certifying suppliers - use our platform to maintain compliance with DORA