Meet the Digital Operational Resilience Act (DORA). DORA, a piece of EU-wide legislation, is still a draft law; however, it aims to improve the cybersecurity resiliency of the financial services sector.
WALLESS experts share key information about DORA:
• DORA will apply to all companies providing financial services and third-party providers of critical information and communication technology (ICT) services;
• There will be some exceptions, however. DORA provides a light-touch regime for ICT risk management for small and non-interconnected institutions;
• DORA establishes and harmonizes requirements for the digital resilience of the EU’s financial services sector, obliging firms to ensure they can manage threats related to ICT;
• DORA includes requirements on ICT risk management, incident management, resilience testing, management of ICT third-party risk, and information sharing. More detailed technical standards and guidelines will be developed and published by EU regulators;
• DORA will apply from 17 January 2025. While it seems far away, the complexity of DORA requires taking action now;
• Violations of DORA will be subject not only to administrative but also to criminal liability. The Member States will determine the exact sanctions, but DORA will likely follow the path of the GDPR, and the sanctions will be dissuasive.
#fintech #cybersecurity #compliance