payment service providers

The development of the DORA Compliance Level Self-Assessment Survey

Banking & Fintech IT & Outsourcing Online & eCommerce

We advised payment service providers in:

The development of the DORA Compliance Level Self-Assessment Survey provided by
the Polish Financial Supervision Authority

The Regulation on Operational Digital Resilience for the Financial Sector (DORA) shall apply from 17 January 2025. The new rules will constitute a code of conduct for the broader area of ICT security (Information and Communication Technologies) and the use of ICT by financial entities. On the basis of DORA, regulatory technical standards, implementing technical standards and delegated acts will be issued to supplement the provisions of the described act.

In addition, DORA provides simplifications or exemptions of a different nature for selected categories of entities, e.g. for small payment institutions or financial entities that are micro-enterprises within the meaning of DORA.

Adaptation to these requirements by financial entities will require, among other things:

  1. auditing existing ICT procedures and solutions,
  2. amending or supplementing existing or preparing new ICT procedures and solutions,
  3. a review of contracts with external suppliers to determine whether they are ICT TPSP contracts within the meaning of DORA,
  4. align ICT TPSP contracts within the meaning of DORA with the requirements of this regulation,
  5. ensure that future contracts with ICT TPSPs comply with DORA.

Separately, the Polish Financial Supervision Authority (PFSA) has developed a DORA Compliance Level Self-Assessment Survey to collect quantitative and qualitative information on the level of compliance with the requirements under the DORA Regulation and to assess the preparedness of financial entities to manage the risks associated with the technologies used.

DLK’s advisory included:

  • to determine whether and from which simplifications or exemptions under DORA a financial entity may benefit,
  • to identify compliance with each of the DORA requirements taking into account the information received and the financial entity’s internal documentation (strategies, policies, procedures and mechanisms, etc. of the financial entity),
  • identification of gaps in compliance with DORA requirements (so-called ‘gap report’) and actions necessary to comply with DORA requirements.

Lawyers involved in the project:

Bartosz Wyżykowski

Bartosz Wyżykowski
attorney-at-law, partner Bartosz Wyżykowski

Daria Trzeszczkowska

Daria Trzeszczkowska
trainee attorney-at-law, associate Daria Trzeszczkowska

Banking & Fintech

See sector

Banking & Finance

IT & Outsourcing

See sector

Telecommunications

Online & eCommerce

See sector

Online & eCommerce

Also check

#Banking & Fintech #Online & eCommerce #Retail

Reservise sp. z o.o.

Entry in the register of issuers of so-called “Limited Network” instruments

Entry in the register of issuers of so-called “Limited Network” instruments

#Banking & Fintech

Polish VASPs (Virtual Asset Service Providers)

Removal from the VASP registry

Removal from the VASP registry

#Banking & Fintech #IT & Outsourcing

provider of PSD2's open banking services

Open Finance (FIDA)

Open Finance (FIDA)

Contact us

Warsaw Office

Ogrodowa City Gate
ul. Ogrodowa 58
00-876 Warsaw

map > +48 22 652 26 18
map >

Cracow Office

ul. Jana Kilińskiego 2
30-308 Cracow

map > +48 12 31 51 841
map >