Digital Operational Resilience Act (DORA)
On 27 December 2022, the Digital Operational Resilience Act (DORA) was published in the Official Journal of the EU. It comprises a Regulation and a Directive on digital operational resilience for the financial sector. DORA takes effect on 17 January 2025.
DORA applies to a wide range of financial entities regulated by the Central Bank of Ireland. For the first time, DORA brings together provisions addressing digital operational risk in the financial sector in a consistent manner in one single legislative act.
Relevant to regulated financial service providers, it introduces targeted rules on:
- Information and Communication Technology (ICT) risk management
- ICT-related incident management, classification and reporting
- Digital operational resilience testing
- Management of ICT third-party risk (including the introduction of an oversight framework for critical ICT third-party service providers)
- Information sharing arrangements.
The DORA regulation is supplemented by (and should be read in conjunction with) the relevant implementing and delegated acts adopted by the European Commission, and the guidelines and information published by the European Banking Authority, the European Insurance and Occupational Pensions Authority, and the European Securities and Markets Authority.
Financial Entities should monitor updates from the Central Bank of Ireland's DORA Communications and Publications page and relevant supervisory authorities on their respective websites.
Updated: 17 January 2025