“DORA” – New EU bureaucracy or practical benefits in the financial sector?

“DORA” – New EU bureaucracy or practical benefits in the financial sector?

With DORA, Regulation (EU) 2022/2554 on digital operational resilience in the financial sector (Digital Operational Resilience Act), the European Union has created a financial sector-wide regulation for cybersecurity, ICT risks and digital operational resilience. This regulation is intended to make a significant contribution to strengthening the European financial market against cyber risks and information and communication technology (ICT) incidents. Almost all supervised institutions and companies in the European financial sector are subject to DORA. DORA also brings together various requirements for institutions and companies in terms of cyber security, ICT risks and digital operational resilience. BaFin and the Deutsche Bundesbank are also preparing for DORA – in particular by adapting their supervisory and administrative practices and implementing IT processes and systems as part of DORA. For example, the financial supervisory authority BaFin in Germany will become the national reporting hub for ICT incidents in the financial sector. BaFin also receives notifications as part of ICT third-party management, which institutions and companies are obliged to do, and analyzes them with regard to potential risks for the financial sector. BaFin supports supervised companies in the implementation of DORA – for example with events and discussions with experts.

-> Further information <-