Following its publication in the Official Journal of the European Union on 27 December 2022, the Digital Operational Resilience Act (DORA) and the DORA Amending Directive entered into force on 16 January 2023 and will apply from 17 January 2025.
DORA sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide Information Communication Technology (ICT)-related services to them, such as cloud platforms or data analytics services.
DORA creates a regulatory framework on digital operational resilience whereby all firms need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats. These requirements are homogenous across all EU member states. The core aim is to prevent and mitigate cyber threats.
In this e-briefing, we look at the background to DORA, the regulation itself, and the current status of the level two and three proposals as we approach DORA’s application in January 2025.