
What is the Digital Operational Resilience Act (DORA)?

The Digital Operational Resilience Act (DORA) is an EU regulation that entered into force on January 16, 2023, with enforcement beginning on January 17, 2025. Its primary objective is to strengthen the cybersecurity of financial institutions, including banks, insurance companies, and investment firms, so that the European financial sector can withstand significant operational disruptions. DORA establishes standardised operational-resilience requirements across the financial industry, covering a diverse range of entities: 20 different types of financial entity as well as the third-party ICT service providers that serve them.

Why is DORA required?

As the financial sector relies more heavily on technology and on third-party technology providers to deliver services, financial institutions become more exposed to cyber threats and ICT incidents. Mismanagement of ICT risk can result in cross-border disruptions of financial services, affecting not only other industries but also the broader economy. Recognising the critical need for digital operational resilience within the financial sector, the EU introduced the Digital Operational Resilience Act, or DORA, as a dedicated regulatory framework.

Five Pillars of DORA

  • ICT risk management
    • A framework establishing principles and stipulating requirements for managing ICT risks.
  • ICT third-party risk
    • Management of risks associated with third-party ICT providers, including essential contractual clauses.
  • Digital operational resilience testing
    • A testing programme for operational resilience that covers a range of tests, up to and including advanced testing.
  • ICT-related incidents
    • Handling of ICT-related incidents, and reporting of major incidents and significant cyber threats to the relevant authorities.
  • Information sharing
    • Sharing of information and intelligence regarding cybersecurity threats.

Legislative Acts Implementation Timeline 

The European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA) are collaboratively developing a series of policy measures to facilitate the enforcement of DORA.

What are the consequences of non-compliance with DORA? 

Similar to the General Data Protection Regulation (GDPR), DORA is poised to impose severe penalties on entities found in violation, including fines of up to 2% of their annual global turnover. Individuals could face fines of up to €1 million. Additionally, failure to report significant ICT incidents or cyber threats may lead to substantial fines. Non-compliant critical third-party ICT service providers may be fined up to €5 million, while individuals could be liable for fines of €500,000.

Considering this, financial institutions obligated to comply with DORA regulations have three options:

1. Await DORA enforcement and adapt to necessary changes as they arise.

2. Proactively implement strategic changes to address identified gaps.

3. Foster resilience through the deliberate deployment of an integrated solution.

Remaining Secure and Compliant 

With DORA regulations on the horizon, it’s time for financial institutions to transition their approach from reactive to proactive. DORA will affect all ICT providers and financial businesses in Europe, as well as organisations outside the EU that cater to EU residents. Without a secure communication system in place, your organisation will be directly exposed to potential risks.

In the midst of escalating regulatory oversight and the pressing need for compliance with the Digital Operational Resilience Act (DORA), Salt Communications stands out as your unwavering ally. By choosing Salt, you are making a strategic investment to bolster the integrity, confidentiality, and regulatory compliance of your financial institution’s sensitive communications, ensuring that your executive communications remain compliant and secure, whether in day-to-day operations or in a time of crisis.

With Salt Communications at your side, you can confidently navigate the intricate landscape of DORA regulations. Our secure and customised communication solution is tailored to meet the unique needs of financial institutions, providing you with the tools and support necessary to ensure seamless compliance with DORA mandates. 

Let Salt Communications be your trusted partner as you embrace the challenges of regulatory compliance and safeguard the security of your organisation’s valuable information assets.

Salt is here to help financial institutions be ready for the upcoming DORA regulations. Reach out to the Salt team at info@saltcommunications.com.

About Salt Communications:

Salt Communications is a multi-award-winning cyber security company providing a fully enterprise-managed software solution that gives absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest security standards. Salt Communications offers ‘Peace of Mind’ for organisations that value their privacy, giving them complete control over their secure communications so they can protect their trusted relationships and stay safe. Salt Communications is headquartered in Belfast, N. Ireland. For more information, visit Salt Communications.

