This Practice Note outlines the key requirements of Regulation (EU) 2022/2554 (the Digital Operational Resilience Act or DORA) and Directive (EU) 2022/2556 amending certain Directives as regards digital operational resilience for the financial sector (the Amending Directive).
What is DORA?
On 24 September 2020, the European Commission published proposals for a Regulation on digital operational resilience for the financial sector(the Digital Operational Resilience Act or DORA) and a Directive amending digital operational resilience requirements in directives 2006/43/EC, 2009/65/EC, 2009/138/EU, 2011/61/EU, EU/2013/36, 2014/65/EU, (EU) 2015/2366 and EU/2016/2341 (the Amending Directive). These proposals were part of the Commission’s Digital Finance Package.
DORA is designed to consolidate and upgrade Information Communication Technologies (ICT) risk requirements throughout the EU financial sector to ensure that a very wide range of participants of the financial system are subject to a common set of standards to mitigate ICT risks for their operations. Specifically, DORA establishes requirements for dedicated ICT risk management capabilities, reporting of major ICT-related incidents, digital operational resilience testing, management by financial entities of ICT third-party risk, as well as information sharing among financial entities.
In
Access this content for free with a 7 day trial of LexisNexis and benefit from:
- Instant clarification on points of law
- Smart search
- Workflow tools
- 42 practice areas
Get your quote today and take step closer to being able to benefit from:
- Instant clarification on points of law
- Smart search
- Workflow tools
- 36 practice areas
Get a LexisNexis quote
* denotes a required field
To view the latest version of this document and thousands of others like it,
sign-in with LexisNexis or register for a free trial.
CONTACT US
