DORA Regulation and Amending Directive published on the Official Journal of the EU

On the 27th of December 2022, the Regulation (EU) 2022/2554 and Amending Directive (EU) 2022/2556 on Digital Operational Resilience for the Financial Sector were both published on the Official Journal of the European Union (“EU”) and will enter into force on the 16th of January 2023. This development comes after the provisional agreement reached on the Digital Operational Resilience Act (“DORA”) earlier in 2022.

DORA was firstly proposed in September 2020 by the European Commission, aiming to develop uniform requirements throughout the EU for the security of network and information systems of companies and organisations which operate in the financial sector, as well as critical third parties which provide Information Communication Technologies (“ICT”) related services, such as cloud platforms and data analytic services. Therefore, the DORA framework introduced the Regulation (EU) 2022/2554 and Amending Directive (EU) 2022/2556 in order to create a regulatory regime on digital operational resilience, with the purpose of preventing and mitigating cyber threats by requiring firms to ensure that they can withstand, respond to, and recover from ICT-related threats and disruptions.

The Regulation (EU) 2022/2554 will become applicable on the 17th January 2025, whereas with regard to the Amending Directive (EU) 2022/2556, the Member States must have adopted and published the measures necessary to be in compliance with it by the 17th of January 2025 as well.

Feel free to contact us for assistance or more information on the above.