by Andria Papageorgiou

COMPLIANCE, CYSEC, REGULATORYMay 10, 20240 comments

DORA: Why it is relevant & why is it relevant to you?

The Digital Operational Resilience Act (DORA) is a significant development in EU regulation, compelling financial entities to ensure consistent cybersecurity and operational resilience maturity levels across all their operations within the EU. With a two-year preparatory phase, organizations face a significant task of implementation and demonstration of compliance.

To navigate this transition effectively, financial institutions must conduct comprehensive gap assessments to gauge their readiness vis-à-vis DORA, identifying areas necessitating further investment and prioritization. Proactively addressing these gaps positions businesses to meet more complex requirements such as supply risk management, threat intelligence, and advanced security testing, thus gaining a competitive edge in the market.

DORA marks a substantial shift for entities under ESMA or EIOPA supervision and banks already subject to existing EBA guidelines on banking supervision. Moreover, it extends its scope to encompass previously less regulated stakeholders in the financial sector, including crypto-asset service providers, intermediaries managing alternative investment funds, crowdfunding service providers, cloud-service providers, and ICT third-party service providers.

One of DORA’s key focuses is on third-party risk management, necessitating entities to ensure the resilience of their critical ICT third-party service providers. This requires close collaboration and joint efforts to satisfy regulatory expectations, particularly in supporting the delivery of essential business services.

DORA officially entered into force at the beginning of 2023, initiating a two-year implementation period. Financial entities are thus expected to achieve compliance with the regulation by early 2025. As this deadline approaches, proactive engagement with DORA compliance becomes essential to avoid penalties and maintain operational continuity.

In light of these developments, Andria Papageorgiou Law Firm is committed to assisting organizations in navigating the complexities of DORA compliance. With our outsourced DPO services and regulatory compliance consulting, tailored to address the specific requirements of DORA, we ensure that businesses are well-equipped to meet regulatory obligations and uphold operational resilience in an evolving digital landscape.

Contact us today at info@apapageorgiou.com to learn more about how we can support your journey toward DORA compliance.

Disclaimer: The information contained in this article is provided for informational purposes only, and should not be construed as financial or investment or legal advice on any matter. Andria Papageorgiou Law Firm is not responsible for any actions (or lack thereof) taken as a result of relying on or in any way using information contained in this article and in no event shall be liable for any damages resulting from reliance on or use of this information.