Overview of the Application of DORA as of 17 January 2025

Enhancing Preparedness Against ICT Threats in the Financial Sector

On 17 January 2025, Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (DORA) begins to apply, affecting the majority of companies in the financial sector. Today, payment service providers, credit institutions and investment firms are covered by the EBA ICT guidelines EBA/GL/2019/04, while insurance and reinsurance companies are covered by EIOPA's ICT guidelines EIOPA-BoS-20/600. DORA unifies the regulatory framework for ICT security, and as a result, actors whose activities were not previously covered by that framework (e.g. companies dealing with cryptocurrencies and cloud services) will also have to comply with DORA.

The overall aim of DORA is to strengthen preparedness against ICT threats in the financial sector, with a focus on minimising disruptions to the most critical financial systems and ensuring their continuity and availability. To achieve this, DORA requires financial firms to develop carefully crafted business continuity and crisis plans, clearly allocate responsibilities within the organisation and establish clear lines of communication. In addition, DORA emphasises the importance of managing third-party risks, particularly with regard to the risk of relying on external systems and the potential lack of transparency.

Published ITSs, RTSs and Guidelines

The table below lists the published ITSs, RTSs and guidelines that complement DORA. A number of these are finalised and already published in the Official Journal, while the rest are either awaiting translation into other EU languages or awaiting approval from the European Commission. Whatever the status, you can consult the current versions and plan how your organisation can act in line with the new rules.

Article in DORA | Contents | Status
Article 28(9) | ITS to establish templates for information repositories | Adopted by the EBA and submitted to the European Commission
Articles 15 and 16 | RTS specifying tools, methods, processes and strategies for ICT risk management and the simplified ICT risk management framework | Published in the Official Journal
Article 18(3) | RTS on classification criteria for major ICT-related incidents | Published in the Official Journal
Article 28(10) | RTS specifying the detailed content of the guidelines for contractual arrangements on the use of ICT services supporting critical or important functions provided by third-party ICT service providers | Published in the Official Journal
Article 11(11) | Guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents | Finalised and awaiting translation into the EU languages
Article 32(7) | Guidelines on the cooperation between the ESAs and national supervisory authorities on supervision | Finalised and awaiting translation into the EU languages
Article 20(a) | RTS specifying the content and reporting timeline for major ICT-related incidents | Adopted by the EBA and submitted to the European Commission
Article 20(b) | ITS establishing forms, templates and procedures for reporting major ICT-related incidents | Adopted by the EBA and submitted to the European Commission
Article 26(11) | RTS specifying further details on threat-led penetration testing | Adopted by the EBA and submitted to the European Commission
Article 30(5) | RTS specifying further details on outsourced critical or important functions | Adopted by the EBA and submitted to the European Commission
Article 41 | RTS specifying further details on the supervision carried out | Adopted by the EBA and submitted to the European Commission

Next Steps

With DORA beginning to apply soon, now is the time to consider how your business may be affected. At NFC, we can support you with questions about how the introduction of DORA will affect your business and what changes you need to make to fulfil the new requirements. Read more about our regulatory advice services or contact us below to find out more.
