Intellectual Property, Information Technology & Cybersecurity

The EU’s Digital Operational Resilience Act for Financial Services Industry Actors Entered into Force

Author: Sevgi Unsal Ozden

Introduction
The Covid-19 pandemic and recent technological developments have significantly accelerated the digital transformation of all sectors. This rapid change, especially in the financial sector (mobile banking, e-commerce, contactless payments, etc.), has made life extremely easy for customers, but it has also brought some risks. As an inevitable consequence of such developments, on 24 September 2020, the European Commission (“Commission”) adopted a new digital finance package, including (i) a digital finance strategy, (ii) a retail payments strategy, and (iii) legislative proposals on crypto-assets and digital operational resilience. The package aims to boost Europe's competitiveness and innovation in the financial sector, give consumers and businesses more choice in financial services and modern payment solutions, and ensure consumer protection and financial stability. As part of this digital finance package, the Commission published the first draft of the Digital Operational Resilience Act (“DORA”). After approximately 2 years, DORA was published in the Official Journal of the European Union on 27 December 2022. The regulation entered into force on 16 January 2023 and will apply from 17 January 2025.

What is the Digital Operational Resilience Act?

As the financial sector has become heavily dependent on digital processes, systems, and software, the risks associated with disruption of and threats to information and communication technology (ICT) systems have dramatically increased. The Commission’s strategy in adopting DORA is therefore to make sure the financial sector in Europe is able to stay resilient through ICT-related incidents. Within this scope, DORA sets out rules and a number of obligations for financial institutions to promote, improve and ensure operational resilience within the sector. DORA also sets out specific obligations for certain ICT service providers that provide ICT-related services to financial institutions and are considered to be critical, such as providers of cloud platforms, data analytics, and audit services.
