The EU Digital Operational Resilience Act (DORA) Guide


‘EU DORA’ is the European Commission’s answer to the rising tide of cyber risks facing financial institutions, centred on resilient ICT. It introduces mandatory measures for organisations to strengthen their digital operational resilience.

The full name is “Regulation (EU) 2022/2554 of the European Parliament and of the Council of December 14 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (Text with EEA relevance)”.

In this article, we examine the essence of DORA, who it affects, and the critical steps toward compliance, which will become necessary by 2025.

Key Points on EU DORA Regulation

  • The European Union Digital Operational Resilience Act (DORA) from the three European supervisory authorities and the European Banking Authority aims to enhance financial entities’ cybersecurity and ICT risk management within the EU, requiring them to implement detailed ICT risk frameworks and incident reporting protocols.

  • DORA encompasses a wide range of financial institutions. It includes a clear timeline for implementation, with the operational…
