EU adopts landmark IT resilience laws – a look at the Digital Operational Resilience Act (DORA) | NCC Group


The European Union (EU) has formally adopted new regulation that will place additional cybersecurity and resilience requirements on financial institutions and their critical suppliers.

The Digital Operational Resilience Act (DORA) builds on existing institutional EU requirements that manage information and communication risks. It comes as the UK Government pursues similar legislation in the form of the UK Financial Services and Markets Bill, and other regulators globally follow suit.

Duncan McDonald, Global Head of Compliance Services at NCC Group, explains what’s involved with the new regulation, who it will impact and how it will interact with the existing EU framework.

What is DORA?

In response to ongoing digital transformation and the evolution of new risks associated with it, DORA aims to harmonise Information and Communication Technology (ICT) risk requirements across the EU by creating one unified approach between regulators and across the financial services industry.

The goal of the Act is to set uniform requirements for the security of network and information systems of almost all financial entities operating in the EU, as well as critical third parties which provide…
