DORA Regulation (2020-2023*)

REGULATION ON DIGITAL OPERATIONAL RESILIENCE IN THE FINANCIAL SECTOR

DIGITAL OPERATIONAL RESILIENCE ACT

[DORA]

Summary

DORA is part of the digital finance package announced by the European Commission. The aim of the new legislation is to regulate how financial institutions manage the broadly understood ICT (Information and Communications Technology) area.

Impact

DORA focuses on a holistic view of IT security issues in financial entities, with the intention to be the “code” of regulations for managing the ICT area in the financial sector by harmonizing the rules for ICT risk management, also on the basis of existing regulations.

The object of DORA is to regulate in detail the areas of ICT risk management, ICT incident reporting, digital resilience testing, information and data sharing, and third-party ICT risk management.

The impact of DORA will be directly felt not only among financial entities, but also third-party ICT service providers that until now have only been subject to indirect oversight through the supervision of outsourcing contracts. In compliance with DORA, competent authorities are vested with direct supervisory powers over these providers as well.

As a result, entities covered by DORA will need to implement an extensive ICT risk management framework. In addition, they should take appropriate measures: mainly, review their incident reporting procedures, examine whether their activities fall within the definition of a “key external ICT service provider”, and follow the work of the European Supervisory Authorities (ESAs) on publishing the regulatory technical standards (RTS) that clarify the content of the Regulation.

Legislative work on the draft is still in progress. It seems feasible that it will be adopted in 2022 at the latest, which would mean that the new regulation could come into force in 2023, assuming that the 12-month vacatio legis included in the original draft is maintained.


MILESTONES CALENDAR

  • 09/24/2020 announcement of the draft DORA
  • 11/24/2021 the Council adopted a position on the draft. The trilogue negotiations with the Parliament constitute the next stage of the work.