On the 10th of November 2022, the European Parliament adopted its position at first reading in relation to the Digital Operational Resilience Act (“DORA”).
First published by the European Commission on 24th September 2020, DORA is part of the EU’s Digital Finance Package. It has been introduced by the European Union (“EU”) as a response to the increasing ICT-related threats and disruptions within the financial sector. With its introduction, DORA will provide a harmonised framework and unified standards for the security of ICT systems of companies and organisations operating in the financial sector, as well as third-party providers. To this end, the five key requirements of DORA are the following:
- ICT Risk Management, by maintaining reliable systems and mechanisms to identify and mitigate potential threats;
- ICT Incident Reporting, by implementing an effective management process to monitor, classify, and report ICT threats and incidents to the relevant authorities;
- Digital Operational Resilience Training, by performing adequate resilience training on the critical ICT systems of the entities, as well as addressing any vulnerabilities;
- Information and Intelligence Sharing, whereby entities are encouraged to share cybersecurity information and intelligence; and
- ICT Third-Party Risk Management, whereby critical ICT third-party providers must be regulated by a European Supervisory Authority.
Feel free to contact us for assistance or more information on the above.