SECURITY
Digital Operational Resilience Act (DORA)
Origin
Regulation (EU) 2022/2554 on digital operational resilience for the financial sector
General overview
DORA sets out uniform requirements for the security of network and information systems of organisations operating in the financial sector, as well as of third parties that provide information and communication technology (ICT) related services to them.
DORA creates a regulatory framework on digital operational resilience whereby all financial entities need to make sure they can withstand, respond to, and recover from all types of ICT-related disruptions and threats. These requirements are homogeneous across all EU member states.
The core aim of DORA is to prevent and mitigate cyber threats in the financial sector. It also aims to create a consistent incident reporting mechanism, intended to reduce administrative burdens for financial entities and strengthen supervisory effectiveness within the EU.
DORA is complemented by Directive (EU) 2022/2556.
Status
The Regulation will apply across the EU from 17 January 2025.
Member States must transpose the accompanying Directive into national law by 17 January 2025.
17 January 2024 - ESAs published first set of rules for ICT & third-party risk management & incident classification