The DORA (Digital Operational Resilience Act) Regulation is a European regulation that aims to harmonise the framework and regime applicable to the financial sector, with regard to cybersecurity and ICT management.
The scope of application of this Regulation covers financial entities (credit institutions, payment and electronic money institutions, investment firms, crypto-asset service providers, issuers of crypto-assets, issuers of asset-referenced tokens and issuers of significant asset-referenced tokens, managers of alternative investment funds, management companies and institutions for occupational retirement pensions), entities from the insurance sector (insurance and reinsurance companies, as well as insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries) and ICT service providers (statutory auditors, audit firms and ICT third-party service providers).
This Act, besides introducing new obligations in the area of ICT governance and risk management, codifies and harmonises the guidelines and requirements issued by national and European authorities, which are currently dispersed across several communications and guidelines. In addition, it complements the Directive on measures for a high common level of cybersecurity across the Union (NIS 2), the Payment Services Directive (PSD 2) and the General Data Protection Regulation (GDPR).
The Act enters into force 20 days after its publication and sets forth that its provisions will become applicable two years after entry into force. The Proposal can be consulted here.