Digital Operational Resilience Act Enters into Effect in the EU

On January 17, 2025, the Digital Operational Resilience Act (DORA) came into effect across the European Union, establishing standardized cybersecurity and digital risk management requirements for all financial institutions, including their essential third-party providers.

Under the Digital Operational Resilience Act, financial institutions throughout the EU are mandated to implement comprehensive measures to address digital risks and ensure operational continuity, even in the event of significant disruptions to their IT systems.

The DORA goes beyond the limited scope of cybersecurity, functioning as a robust regulatory framework that requires financial institutions to demonstrate preparedness for any operational interruptions related to information and communications technologies (ICT). Regulators highlight the following key aspects:

  1. ICT risk management. Banks, insurance companies, investment funds, and other entities must establish structured policies and procedures for ICT risk management, including assessment, prevention, and ongoing monitoring of incidents.
  2. Third-party oversight. The DORA applies to critical ICT service providers, such as cloud service providers, software developers, and outsourcing firms. Starting in 2025, financial organizations may only engage with suppliers that comply with information security standards like ISO 27001 and SOC 2.
  3. Unified approach to digital resilience. The DORA sets a standard for ICT risk management, similar to how the General Data Protection Regulation (GDPR) established a global benchmark for data protection.
  4. Documentation and compliance evidence. Instead of imposing rigid instructions, the DORA necessitates continuous monitoring and evidence of digital resilience. Organizations must be prepared to provide documentation at any time, ranging from qualitative recovery time metrics to audit reports on contractor performance.

The DORA aims to enhance the digital landscape within the financial sector, reducing risks and creating a level playing field. For organizations that prepare in advance, the new regulation is anticipated to serve as a catalyst for bolstering operational resilience and reputation. According to PwC, over 22,000 financial firms and ICT service providers are subject to the DORA.

The new Instant Payments Regulation (IPR) took effect on January 9, 2025, requiring all payment providers in the EU to ensure that incoming credit payments are processed within 10 seconds.

The post Digital Operational Resilience Act Takes Effect in EU first appeared on CoinsPaid Media.