IKT Asset
AIDORAdigital resilienceEU regulationsICT management

Navigating the New EU Regulation on Digital Operational Resilience (DORA)

The DORA regulation represents a significant step forward in enhancing digital resilience in the EU's financial sector.

Introduction

Regulation (EU) 2022/2554, commonly known as the Digital Operational Resilience Act (DORA), was adopted by the European Parliament and the Council on December 14, 2022. Its aim is to establish a comprehensive framework to ensure that financial entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats.

Key Requirements

DORA expands its scope and imposes stricter requirements on financial institutions and their ICT providers. Key obligations include:

  • Strengthening digital operational resilience through comprehensive risk management.
  • Managing risks related to third-party ICT service providers, including new contractual requirements.
  • Maintaining a register of information on contracts with these providers.

Impact on the Industry

The regulation will require substantial investments in human and material resources to meet the new regulatory parameters. Starting in December 2023, organizations subject to DORA will need to comply with these requirements to ensure their operational resilience.

Conclusion

DORA is a crucial step towards enhancing digital security in the EU's financial sector and will fundamentally change how financial institutions manage ICT risks.