DORA: New Digital Resilience in the Financial Sector
On 14 December 2022, the European Parliament and the European Council adopted Regulation (EU) 2022/2554 on digital operational resilience in the financial sector (DORA). It entered into force on 17 January 2023 and will apply from 17 January 2025. The EU Commission presented the proposal for DORA on 24 September 2020 as part of a package on the digitalization of the financial sector, which also includes a legislative act on markets for crypto assets (MiCAR), a pilot project for DLT-based market infrastructures, and a strategy for digital financial systems.
DORA aims to protect the financial sector, which is highly dependent on information and communication technology (ICT), from ICT risks and sets out rules for their management, cyber incident reporting, operational resilience testing, and third-party monitoring. It harmonizes rules for 20 different types of financial institutions and third-party ICT service providers to ensure resilience against serious operational disruptions. As a «lex specialis», DORA will replace all overlapping legal texts, such as the NIS Directive (Network and Information Security Directive), and serve as the primary point of reference for compliance by financial institutions.
Detailed information on this topic can be found in the guest article by Ivica Kuzmic in the current edition of PAY.