Jan 13, 2023
DORA in a Nutshell
The Digital Operational Resilience Act (DORA) is a new regulation that aims to strengthen the information and communication technology (ICT) security of financial entities in the European Union (EU). It was published in the Official Journal of the EU on 27 December 2022 and will enter into force on 16 January 2023. It will apply to a range of financial entities, including credit institutions, investment firms, central securities depositories, central counter parties, trading venues, benchmark administrators, fund management companies, insurance and reinsurance undertakings, insurance intermediaries, payment institutions, electronic money institutions, crypto-asset service providers, issuers of asset-referenced tokens, and crowdfunding service providers. There are limited exclusions for smaller firms, and DORA will also apply to third-party ICT service providers such as cloud platforms and data analytics providers.