DORA Regulation – FAQ
- What entities will be covered by DORA?
- The catalog of entities covered by DORA is set forth in Article 2. These include, but are not limited to: credit institutions; payment institutions and electronic money institutions; investment firms; providers of cryptoassets; issuers of cryptoassets; issuers of asset-linked tokens and issuers of significant asset-linked tokens; alternative investment fund managers; information sharing providers; insurance and reinsurance companies; insurance intermediaries; auditors and audit firms; and crowdfunding service providers.
- Since when is it necessary to implement DORA?
- Under the current wording of Rule 56, financial entities will be required to apply DORA 12 months after the effective date of the regulation.
- What are the criteria for qualifying external ICT service providers as “key service providers”?
- The criteria are specified in detail in Article 28(2) of DORA. For instance, these include the systemic impact on the stability, continuity or quality of financial services and the systemic nature or importance of the financial entities that use the services of a particular external ICT service provider.