DORA Regulation – Digital Operational Resilience Act

European Regulation 2554/2022 on Digital Operational Digital Resilience in the Financial Sector (DORA) was formalised at the end of 2022 and is to apply from 17 January 2025.

The DORA Regulation applies, for example, to credit institutions, payment institutions, account information service providers, electronic money institutions and investment firms.

In order to achieve a high common level of digital operational resilience, the DORA Regulation establishes uniform requirements for the security of networks and information systems underpinning the operational processes of financial entities, as follows:

Requirements applicable to financial entities in relation to:

information and communication technology (ICT) risk management
reporting major ICT incidents and voluntarily notifying the competent authorities of any significant cyber threats
reporting by credit institutions, payment institutions, account information service providers and electronic money institutions to the competent authorities of any major payment-related operational or security incidents
testing of digital operational resilience
sharing of intelligence and operational data on cyber threats and vulnerabilities
measures for the proper management of ICT risks generated by third parties

Requirements in relation to contractual arrangements between third party ICT service providers and financial entities
Rules on the establishment and conduct of the supervisory framework for essential third-party ICT service providers when providing services to financial entities
Rules on cooperation between competent authorities and rules on supervision and enforcement by competent authorities in relation to all aspects covered by the DORA Regulation

Source: Regulation (EU) No. 2022/2554 of the European Parliament and of the Council of 14 December 2022 regarding financial sector digital resilience and amending Regulations (EC) No. 1060/2009, (EU) No. 648/2012, (EU) No. 600/2014, (EU) No. 909/2014 and (EU) 2016/1011