The Digital Operational Resilience Act (DORA) aims to establish an EU legal framework on digital operational resilience for the financial sector. The legislative proposal was published as part of a Digital Finance Package by the EU Commission in September 2020.
In particular, DORA aims to harmonize IT security regulations in the financial sector across Europe and to strengthen resilience. In the future, serious information and communications technology (ICT) incidents are to be reported only to a national authority. Furthermore, DORA brings ICT third-party service providers into the scope of the regulation to a greater extent than before.
The introduction of DORA will have far-reaching consequences for the financial sector. National regulations – such as BAIT, MaRisk, or the IT Security Act for the Protection of Critical Infrastructures (KRITIS) – will be replaced or repealed where necessary. The addressees include credit institutions, e-money institutions, payment service providers, crypto custodians, auditors, and many more.
The regulation is expected to enter into force in 2022 or later. We follow the developments in this area together with you and are happy to support you in implementing the regulatory requirements.