Get ready for DORA: an act that will affect the financial sector’s cybersecurity operations

2023 02 02
Meet the Digital Operational Resilience Act (DORA). DORA, an EU-wide piece of legislation, is still a draft law; its aim is to improve the cybersecurity resilience of the financial services sector.
WALLESS experts share key information about DORA:
• DORA will apply to all companies providing financial services and third-party providers of critical information and communication technology (ICT) services;
• There will be some exceptions, however. DORA provides a light-touch regime for ICT risk management for small and non-interconnected institutions;
• DORA establishes and harmonizes requirements for the digital resilience of the EU’s financial services sector, obliging firms to ensure they can manage threats related to ICT;
• DORA includes requirements on ICT risk management, incident management, resilience testing, management of ICT third-party risk, and information sharing. More detailed technical standards and guidelines will be developed and published by EU regulators;
• DORA will apply from 17 January 2025. While it seems far away, the complexity of DORA requires taking action now;
• Violations of DORA will be subject not only to administrative but also to criminal liability. The Member States will determine the exact sanctions, but DORA will likely follow the path of the GDPR, and the sanctions will be dissuasive.