DORA Regulation (2020-2023*)
REGULATION ON DIGITAL OPERATIONAL RESILIENCE IN THE FINANCIAL SECTORDIGITAL OPERATIONAL RESILIENCE ACT
DORA is part of the digital finance package announced by the European Commission. The aim of the new legislation is to regulate the management of the widely understood ICT (Information and Communications Technology) area by financial institutions.
DORA focuses on a holistic view of IT security issues in financial entities, with the intention to be the “code” of regulations for managing the ICT area in the financial sector by harmonizing the rules for ICT risk management, also on the basis of existing regulations.
The object of DORA is to regulate in detail the areas of ICT risk management, ICT incident reporting, digital resilience testing, information and data sharing, and third-party ICT risk management.
The impact of DORA will be directly felt not only among financial entities, but also third-party ICT service providers that until now have only been subject to indirect oversight through the supervision of outsourcing contracts. In compliance with DORA, competent authorities are vested with direct supervisory powers over these providers as well.
As a result, entities covered by DORA will need to implement an extensive ICT risk management framework. In addition, they should take appropriate measures, mainly review their incident reporting procedures, examine their activities in terms of compliance with the definition of a “key external ICT service provider” and follow the activities of the European Supervisory Authorities (ESAs) in publishing the Regulations clarifying the content of the Regulation (RTS).
Legislative work on the draft is still in progress and it seems feasible that it will be adopted in 2022 at the latest, which would mean that the new regulation could come into force in 2023, assuming that the 12-month vacatio legis included in the original draft is maintained.
DORA Regulation – what we provideDORA Regulation – what we provide
DORA Regulation – FAQDORA Regulation – FAQ
DORA Regulation – impact and requirementsDORA Regulation – impact and requirements
DORA Regulation – table of contentsDORA Regulation – table of contents
- 09/24/2020 announcement of the draft DORA (go to draft page)
- 11/24/2021 the Council adopted a position on the draft. The trilogue negotiations with the Parliament constitute the next stage of the work/li>
Crowdfunding Act (2021-2022*)
licence - requirements - supervisionCrowdfunding Act (2021-2022*)
MiCA Regulation (2020-2023*)
ICO - stablecoins - CASPMiCA Regulation (2020-2023*)
Amendment of the general provisions on consumer rights
Omnibus - trade platforms - digital and commodities directiveAmendment of the general provisions on consumer rights
New Consumer Credit Directive (2021-2023*)
creditworthiness - ESGNew Consumer Credit Directive (2021-2023*)
Changes in banking and payment service outsourcing (2021-2022*)
outsourcing - sanctions - payment servicesChanges in banking and payment service outsourcing (2021-2022*)
AML/CFT package (2021-2023*)
financial security measures - online ID - AMLAAML/CFT package (2021-2023*)
Digital Single Market (2020-2023*)
DMA - DSA - DGA - eIDAS - AIDigital Single Market (2020-2023*)