30. September 2024
DORA Regulation – Digital Operational Resilience Act
European Regulation 2554/2022 on Digital Operational Resilience in the Financial Sector (DORA) was formalised at the end of 2022 and is to apply from 17 January 2025.
The DORA Regulation applies, for example, to credit institutions, payment institutions, account information service providers, electronic money institutions and investment firms.
In order to achieve a high common level of digital operational resilience, the DORA Regulation establishes uniform requirements for the security of networks and information systems underpinning the operational processes of financial entities, as follows:
- Requirements applicable to financial entities in relation to:
  - information and communication technology (ICT) risk management
  - reporting major ICT incidents and voluntarily notifying the competent authorities of any significant cyber threats
  - reporting by credit institutions, payment institutions, account information service providers and electronic money institutions to the competent authorities of any major payment-related operational or security incidents
  - testing of digital operational resilience
  - sharing of intelligence and operational data on cyber threats and vulnerabilities
  - measures for the proper management of ICT risks generated by third parties
- Requirements in relation to contractual arrangements between third party ICT service providers and financial entities
- Rules on the establishment and conduct of the supervisory framework for essential third-party ICT service providers when providing services to financial entities
- Rules on cooperation between competent authorities and rules on supervision and enforcement by competent authorities in relation to all aspects covered by the DORA Regulation
Source: Regulation (EU) No. 2022/2554 of the European Parliament and of the Council of 14 December 2022 regarding financial sector digital resilience and amending Regulations (EC) No. 1060/2009, (EU) No. 648/2012, (EU) No. 600/2014, (EU) No. 909/2014 and (EU) 2016/1011