On 2 July2024, the law implementing Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on the digital operational resilience of the financial sector (the “DORA Regulation“) was published in the Mémorial. This publication is an opportunity to take a full overview of DORA's requirements.
What is the DORA Regulation?
The DORA Regulation standardizes rules for digital operational resilience to improve performance and stability in the financial sector. Its goals is to ensure entities are well prepared to handle incidents related to network and information system security, maintaining their operational efficiency. The DORA Regulation affects around twenty types of entities, including banks, payment and electronic money institutions, account information service providers, and crypto-asset service providers.
The five pillars of DORA
The Regulation is based on five pillars to enable internal management of ICT-related incidents, penetration testing and prevention, as well as the introduction of controls on these entities through obligations to provide information and notify the competent authority.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.