The Digital Operational Resilience Act (DORA) aims to establish an EU legal framework on digital operational resilience for the financial sector. The legislative proposal was published by the EU Commission in September 2020 as part of a Digital Finance Package.
In particular, DORA aims to harmonize IT security regulations in the financial sector across Europe and to strengthen resilience. In the future, serious information and communication technology (ICT) incidents are to be reported only to a national authority. Furthermore, DORA now also brings ICT third-party service providers into the regulation to a greater extent.
The introduction of DORA will have far-reaching consequences for the financial sector. National regulations — such as BAIT, MaRisk or the IT Security Act for Critical Infrastructure Protection (KRITIS) — may be replaced or removed. The addressees are credit institutions, e‑money institutions, payment service providers, crypto custodians, auditors, and many more.
The regulation is expected to enter into force in 2022 or later. We will follow the developments in this area hand in hand with you and will gladly support you in the implementation of the regulatory requirements.