What is the Digital Operational Resilience Act (DORA)?
The Digital Operational Resilience Act, or DORA, is a European Union (EU) regulation that creates a mandatory, thorough information and communication technology (ICT) risk management framework for the EU financial sector. This includes a Regulation and a Directive on digital operational resilience. DORA must be implemented in ICT systems by January 17, 2025.
What is its purpose?
DORA has two main objectives: to comprehensively address ICT risk management in the financial services sector and to harmonize the ICT risk management regulations that already exist in individual EU member states.
DORA aims to strengthen resilience, dependability and continuity of financial services throughout the EU.
Who is affected?
DORA applies to all financial institutions in the EU. It covers:
- Banks
- Credit Unions
- Trading floors
- Payment institutions
- Account information service providers
- Electronic money institutions
- Investment firms
- Crypto-asset service providers and issuers of asset-referenced tokens
- Central securities depositories
- Central counterparties
- Trade repositories
- Trade repositories
- Managers of alternative investment funds
- Management companies
- Data reporting service providers
- Insurance and reinsurance undertakings
- Insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries
- Institutions for occupational retirement provision
- Credit rating agencies
- Administrators of critical benchmarks
Crowdfunding service providers
It also applies to third-party service providers to financial firms.
What do I need to do for my communications technology to comply?
That is a complex question, talk to an evcoms consultant today so we can better understand your business and provide tailored solutions.
