The European Council has formally adopted the Digital Operational Resilience Act (DORA), which aims to make sure the financial sector in Europe is able to stay resilient through a severe operational disruption. This is the final step in the legislative process.
DORA sets uniform requirements for the security of network and information systems of companies and organizations operating in the financial sector as well as critical third parties which provide ICT-related services to them.
DORA creates a regulatory framework on digital operational resilience whereby all firms need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats. These requirements are homogeneous across all EU member states. The core aim is to prevent and mitigate cyber threats.
Now that DORA has been adopted, aspects that require national transposition will be passed into law by each EU member state. At the same time, the relevant European Supervisory Authorities (ESAs), such as the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), will develop technical standards for all financial services institutions to comply with.
The respective national competent authorities will oversee compliance and enforce the regulation as necessary.