On 10 November 2022, the European Parliament adopted the Digital Operational Resilience Act. DORA is an EU regulation that sets out to establish a uniform and comprehensive framework for the digital operational resilience of the financial sector. Nearly all regulated financial entities are in scope of DORA. They will have to put in place sufficient safeguards to protect against cyber and other ICT risks, in their internal processes but also in their existing and new contracts with ICT service providers.
Not only financial entities are in scope. Those ICT service providers that are deemed ‘critical’ for the EU financial markets will become subject to direct oversight by an EU regulator. Financial entities will only have two years to implement DORA’s standards, with DORA expected to take effect at the end of 2024 or early 2025.
This article on our corporate website provides for a further introduction into DORA and the attached ‘one-pager’ includes a quick overview of DORA’s key elements.
Our Benelux Financial Law team is happy to discuss how we can support you in the run-up to the entry into force of DORA.
Source: NautaDutilh