Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act ("DORA") is a European regulation aiming to enhance the digital resilience of financial entities. It focuses on minimizing digital risks within the financial sector, ensuring that financial entities can withstand and recover from operational disruptions caused by cyberattacks, technical failures, or other digital threats.
DORA was officially adopted by the European Council and the European Parliament in 2022. The regulation will come into effect on 17 January 2025, following a two-year implementation period. From this date, its rules will be binding on all covered entities. The new compliance requirements introduced by DORA will apply to a broad spectrum of financial entities, including managers of alternative investment funds (AIFMs), investment firms, banks, insurance companies and reinsurers, payment service providers, central securities depositories, crypto-asset service providers, and critical ICT service providers that support the financial sector (including cloud providers).
DORA topics
Digital Operational Resilience Act (DORA): Impact on the funds sector
DORA implementation plan
DNB provides guidance on how to prepare for DORA
AFM draws attention to preparation for DORA
Changes to the regulatory landscape
DORA brings significant changes to the regulatory landscape of financial institutions in relation to ICT risk management. CMS lawyers have recently been working together to give their perspectives on various facets of this comprehensive legislation. This webpage serves as a reference for the articles and videos, allowing you to keep abreast of developments in relation to DORA.
At CMS, we provide comprehensive DORA-related legal services tailored to ensure your compliance with these new regulations. We provide services a wide portfolio of clients in the regulated financial sector and to ICT providers in and outside the European Union. We advise a range of major international banks, insurers, fund managers and ICT providers on the operational resilience, and critical third party, requirements.
Contact
Should you have any questions regarding the Digital Operational Resilience Act ("DORA"), or for legal support pertaining to DORA, please contact us.
Newsletter
Sign up to receive the most relevant updates about the latest developments in the sector and participate in our upcoming (online) events.
