Dora aims to establish a comprehensive framework to ensure the effective management of information and communication technology (ICT) and cybersecurity risks within European financial institutions
The Digital Operational Resilience Act (Dora) is a framework introduced by the European Union (EU) to enhance the digital operational resilience of financial institutions. It came into force on January 16, 2023, with a compliance deadline of January 2025 for organisations. Let’s delve into what Dora comprises and its implications for the financial sector.
What is Dora?
Dora aims to establish a comprehensive framework to ensure the effective management of information and communication technology (ICT) and cybersecurity risks within European financial institutions. This includes managing risks associated with third-party ICT providers.
Key Areas Covered By Dora
1. ICT Risk Management: Financial entities must define and implement arrangements related to ICT risk management.
2. Reporting ICT Incidents: Establishing processes to detect and report ICT-related incidents promptly.
3. Digital Operational Resilience Testing: Implementing measures to detect, manage, and address ICT-related incidents effectively.
4. Management of Third-Party Risk: Integrating ICT third-party risk management within the overall ICT risk framework.
5. Information Sharing: Facilitating the exchange of cyber threat information among financial entities.
Scope of Application
Dora applies to various financial actors, including credit institutions, payment institutions, insurance companies, and crypto-asset service providers. It also regulates critical third-party ICT providers, such as cloud computing services and data analytics providers, but excludes hardware component providers.
Impact On Financial Institutions
Financial entities need to conduct due diligence on existing contracts with third-party ICT service providers and ensure compliance with contractual provisions. Dora particularly benefits small and medium-sized banks by providing oversight of cloud service providers and enabling access to advanced computing capabilities.
Addressing Operational Risks
The financial sector in the EU faces significant costs associated with operational incidents, ranging from €2 billion to €27 billion annually. Dora aims to mitigate these risks and reduce the impact of cyber incidents by establishing standardised incident reporting procedures.
Enhancing Efficiency and Supervision
Dora aims to reduce the administrative burden on financial institutions and enhance supervisory efficiency through standardised incident reporting procedures.
The Digital Operational Resilience Act (Dora) is a vital step towards strengthening the digital operational resilience of European financial institutions. By effectively managing ICT and cybersecurity risks, Dora aims to promote a safer and more resilient financial sector in the EU.