Digital Operational Resilience Act (DORA) Regulations and Directives

The Digital Operational Resilience Act, or DORA, is a European Union (EU) regulation that creates a binding, comprehensive information and communication technology (ICT) risk management framework for the EU financial sector. DORA establishes technical standards that financial entities and their critical third-party technology service providers must implement in their ICT systems.

Details

In order to achieve a high common level of digital operational resilience, this Regulation lays down uniform requirements concerning the security of network and information systems supporting the business processes of financial entities as follows:

  1. requirements applicable to financial entities in relation to:
    1. information and communication technology (ICT) risk management;
    2. reporting of major ICT-related incidents and notifying, on a voluntary basis, significant cyber threats to the competent authorities;
    3. reporting of major operational or security payment-related incidents to the competent authorities by financial entities referred to in Article 2(1), points (a) to (d);
    4. digital operational resilience testing;
    5. information and intelligence sharing in relation to cyber threats and vulnerabilities;
    6. measures for the sound management of ICT third-party risk;
  2. requirements in relation to the contractual arrangements concluded between ICT third-party service providers and financial entities;
  3. rules for the establishment and conduct of the Oversight Framework for critical ICT third-party service providers when providing services to financial entities;
  4. rules on cooperation among competent authorities, and rules on supervision and enforcement by competent authorities in relation to all matters covered by this Regulation.

More Information
Jurisdiction: European Union (EU)
Type: Laws or related obligations