As part of its Digital Finance Package published in September 2020 the EU Commission has proposed new Regulation, commonly known as Digital Operational Resilience Act (DORA) that shall bring existing sector specific requirements on digital operational resilience onto higher legislative footing and create a harmonized regulatory framework for the management of Information and communications technology (ICT) risks.
The new framework has a very broad scope of application and catches almost every corner of the financial services industry in the EU. However, the scope of application of DORA is not limited to the regulatory perimeter of the EU financial services legislation: service providers providing information-communication technology (ICT) services to regulated entities will likewise be impacted by the new rules, with larger technology providers being exposed for the first time to a specific type of a new supervisory framework.
DORA will become operational as of 17 January 2025 and the industry has ever less time to prepare for the new framework. Due to a high level of complexity of the new rules as well as significant effort that entities need to put in the implementation process, in particular on the technical an operational front, preparation for the go-live date appears to be everything but an easy task to achieve.
Join our experts Verena Ritter-Döring and Miroslav Đurić, LL.M., from Taylor Wessing who provide you with an overview of the new regulatory requirements and some key challenges and practical considerations that both financial institutions and ICT service provider shall keep in mind in the course of the DORA implementation process.