Visualisierung des Digital Operational Resilience Act (DORA) für den Finanzsektor.

DORA - Digital Operational Resilience Act in the EU

DORA, the Digital Operational Resilience Act, is relevant for information and communication technologies in the financial sector. CRISAM® makes implementation easy.

Make a demo appointment now

What is the DORA?

The Digital Operational Resilience Act (DORA), or Regulation (EU) 2022/2554 of the European Parliament and of the Council, contains provisions on information and communication technology (ICT) in the entire financial sector. DORA will apply from 17 January 2025.

Who is affected?

The new regulation affects two types of companies. On the one hand, the entire financial sector, such as credit institutions, insurance and reinsurance companies. On the other hand, third-party ICT service providers that offer ICT services and conclude specific contracts with financial companies.

Are you one of the affected companies?

The companies concerned are differentiated by size on the basis of various criteria. DORA defines the four company sizes according to the number of employees and the amount of annual turnover or total assets.

Microenterprises

A financial undertaking which is not a trading venue, a central counterparty, a trade repository or a central securities depository, which employs fewer than ten persons and whose annual turnover or balance sheet total does not exceed EUR 2 million.

Small business

A financial enterprise that employs 10 or more but fewer than 50 persons and whose annual turnover or balance sheet total exceeds EUR 2 million, but not EUR 10 million.

Medium-sized company

A financial enterprise that is not a small enterprise, employs fewer than 250 persons and whose annual turnover does not exceed EUR 50 million and/or whose annual balance sheet total does not exceed EUR 43 million.

Large company

A large company is any financial company that does not fall under the definition of a micro, small or medium-sized enterprise. This means that they employ more than 250 people and their annual turnover exceeds EUR 50 million and/or their annual balance sheet total exceeds EUR 43 million.

What is the aim of DORA?

The DORA standardizes and updates various national regulations and laws. Its aim is to create a high common level of ICT security for the EU’s financial sector, embedded in a modernized legal framework. It also contains precise specifications as to which security measures are to be implemented. The DORA is based on four pillars or subject areas. These are

ICT risk management
Handling of ICT incidents
ICT security tests
Monitoring of central ICT service providers.

In addition to the DORA, there are various regulations that have been updated for the DORA.

In cooperation with metafinanz Informationssysteme GmbH we developed a catalog of requirements for the various chapters of DORA and incorporated them into the CRISAM® methodology. The questions on article compliance were grouped thematically into modules. In addition, we also support compliance with the drafts of the Regulatory Technical Standards (RTS) and the drafts of the Implementing Technical Standards (ITS).

Reporting

Compliance with Regulation (EU) 2022/2554 is calculated based on the response to the list of requirements. By splitting DORA articles into several requirements, it is possible to identify and rectify deviations in a targeted manner. CRISAM® also offers this compliance query for the current RTS and ITS.

We will be happy to show you!