In brief
2025 brings new ICT related rules for EU financial institutions
Regulation (EU) 2022/2554, commonly known as the Digital Operational Resilience Act (DORA), represents a significant step forward in enhancing the digital resilience of the financial sector within the European Union. Adopted by the European Parliament and the Council on 14 December 2022, DORA aims to establish a comprehensive framework to ensure that financial entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats. The regulation entered into force on 17 January 2025, and applies directly across all EU member states.
In the digital age, Information and Communication Technology (ICT) supports complex systems used for everyday activities. It keeps our economies running in key sectors, including the financial sector, and enhances the functioning of the internal market. Increased digitalization and interconnectedness also amplify ICT risk, making society as a whole, and the financial system in particular, more vulnerable to cyber threats or ICT disruptions.
Until now, financial institutions were required to comply with the European Banking…
