DORA, which is scheduled to take effect by January 17, 2025, is a transformative legislative framework designed to harmonize and fortify the EU’s financial cybersecurity landscape.
Until now, risk management regulations across EU member states aimed at ensuring organizations had sufficient financial resources to cope with operational risk. However, disparities between nations and overlapping regulations created challenges within the financial services industry. DORA is poised to bridge these gaps, remove overlaps, and eliminate conflicting regulations. It offers a unified approach to risk management in the digital era.
DORA comprises five integral parts:
- ICT Risk Management
- ICT-Related Incident Reporting
- Digital Operational Resilience Testing
- ICT Third-Party Risk Providers
- Information Sharing
It’s important to note that DORA’s scope is far-reaching, encompassing a wide array of institutions in the EU. Traditional financial entities such as banks, investment firms, and credit institutions are included. Moreover, non-traditional entities like crypto-asset service providers and crowdfunding platforms are subject to its provisions. Even entities that do not adhere to traditional financial regulations, such as third-party service providers, credit rating services, and data analytics providers, must comply with DORA.
The introduction of the Digital Operational Resilience Act represents a significant step towards bolstering the EU’s cybersecurity infrastructure. It aims to create a cohesive and resilient framework that will safeguard financial entities and their digital operations.
As regulators start enforcing DORA on their licensees, Kyte is well positioned to help such companies become compliant, either by providing consultancy or by conducting a gap analysis to identify areas for improvement. Contact us if you would like to learn more about DORA.