IKT Asset
AIDORAdigital resilienceFinancial Sector

Navigating the New EU Regulation on Digital Operational Resilience (DORA)

The DORA regulation represents a significant step forward in enhancing digital resilience in the EU's financial sector.

Introduction

Regulation (EU) 2022/2554, commonly known as the Digital Operational Resilience Act (DORA), aims to establish a comprehensive framework to enhance the digital resilience of financial entities within the European Union. The regulation was adopted by the European Parliament and the Council on December 14, 2022.

Purpose of DORA

DORA seeks to ensure that financial institutions can withstand, respond to, and recover from all types of disruptions and threats related to information and communication technologies (ICT). This requires significant investments in both human and material resources.

Key Obligations

DORA imposes several key obligations on financial entities to bolster their digital operational resilience. These include:

  • Risk Management: Comprehensive management of risks associated with ICT service providers.
  • Contractual Requirements: New requirements for contracts with third-party ICT service providers.
  • Register Maintenance: Maintaining a register of information on contracts with these providers.

Impact on the Financial Sector

DORA will have far-reaching implications for financial institutions and their ICT providers. Notably, a new European supervisory framework for critical third-party ICT service providers will be introduced, coming into effect in 2025.

Conclusion

The DORA regulation represents a crucial step towards enhancing digital resilience in the financial sector and will fundamentally change how financial institutions manage ICT risks.