Privacy & Security Hub

By tags

DORA

Digital Operational Resilience Act

The

@EU Digital Operational Resilience Act (DORA)⁠

is a EU regulation that entered into force on 16 January 2023 and applied as of 17 January 2025.

It aims at strengthening the IT security of financial entities such as banks, insurance companies and investment firms and making sure that the financial sector in Europe is able to stay resilient in the event of a severe operational disruption.

DORA brings harmonisation of the rules relating to operational resilience for the financial sector applying to 20 different types of financial entities and ICT third-party service providers.

Resources

Name

Description

Type

Company

Link

Advisera

Advisera makes standards and regulations easy to understand and simple to implement.

Digital Operational Resilience Act (DORA) - Regulation (EU) 2022/2554: Training, Updates, Compliance

Website about DORA

Digital Operational Resilience Act (DORA)

Website about DORA

No results from filter

⁠

Useful materials

Type

Source

Name

Type

Source

Link to the original

Description

White paper: Comprehensive Guide to the DORA EU regulation

This white paper is intended for professionals who are starting to learn about the European Union’s DORA regulation, and it presents the key elements to start a compliance project.

DORA documentation: What is required?

This article maps each relevant requirement from DORA with documents that are the best suited to cover those requirements.

AWS User Guide to the Digital Operational Resilience Act (DORA)

This document provides information regarding the adoption of Amazon Web Services (AWS) cloud for entities who are subject to the forthcoming Digital Operational Resilience Act (DORA). This guide describes the roles that AWS and its customers play in managing operational resilience in and on AWS, describes the AWS Shared Responsibility Model, compliance frameworks, advanced tools, and security measures that customers can use to evaluate their compliance with applicable regulatory requirements; with an overview of the DORA regulatory requirements and guidance that regulated customers can consider when adopting AWS.

Recording of the DORA Dry Run Summary workshop

Preparations for reporting of DORA registers of information

List of useful materials regarding DORA Register of Information

Data Model for DORA RoI

List of possible values for all data fields with drop downs

DORA: JC 2024 108 Report on the feasibility for further centralisation of reporting of major ICT-related incidents

The report assesses the feasibility of three different models: the baseline model, a model with enhanced data sharing arrangements and a fully centralised model. It considers the potential burden and cost reductions, as well as the efficiency and effectiveness gains that each model would bring for cross-sector supervisory practices.

Report on the feasibility for further centralisation of reporting of major ICT-related incidents

This report contains a feasibility study on options to further centralise incident reporting under DORA, covering the aspects detailed in Article 21(1) of the said legislation, and all those additional elements that are considered useful for the correct contextualization and elaboration of the study

Explanation of data quality feedback from Registers of information (RoI) validations by the ESAs

Frequently Asked Questions about DORA RoI

This document provides answers to theFAQs about the preparation and the reporting of the registers of information of contractual arrangements with the ICT third-party providers that financial entities need to maintain in accordance with Article 28(3) of DORA and as specified in the Commission Implementing Regulation (EU) 2024/2956 (ITS on the registers of information). The answers focus on the questions regarding the practical nature of the filling the templates as specified in the Commission Implementing Regulation (EU) 2024/2956, preparation of the reporting files, their submission to the ESAs.

Commission Delegated Regulation 2024/1772 Official Text

Commission Delegated Regulation (EU) 2024/1772 of 13 March 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the criteria for the classification of ICT-related incidents and cyber threats, setting out materiality thresholds and specifying the details of reports of major incidents

Commission Delegated Regulation 2024/1773 Official Text

Commission Delegated Regulation (EU) 2024/1773 of 13 March 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying the detailed content of the policy regarding contractual arrangements on the use of ICT services supporting critical or important functions provided by ICT third-party service providers

Commission Delegated Regulation 2024/1774 Official Text

Commission Delegated Regulation (EU) 2024/1774 of 13 March 2024 supplementing Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to regulatory technical standards specifying ICT risk management tools, methods, processes, and policies and the simplified ICT risk management framework

Commission Implementing Regulation (EU) 2024/2956

Commission Implementing Regulation (EU) 2024/2956 of 29 November 2024 laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to standard templates for the register of information

EU Digital Operational Resilience Act (DORA)

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011

No results from filter

⁠

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.