
Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (DORA) has been in force since January 2023. DORA is a European regulation that aims to ensure that financial organisations improve their control of IT risks and thus become more resilient against cyber threats. At present there is an imbalance between the increasing IT threat and the development of this resilience. DORA supplements existing legislation on this point, namely the NIS2 Directive and GDPR.


The financial sector is becoming ever more dependent on technology and technology businesses (IT) in the provision of its services. This means that the financial sector is becoming more exposed to underlying problems with technology, such as cyberattacks. Ultimately, this could harm the robustness and transparency of the capital markets.
DORA aims to alleviate technological risks for providers of crowdfunding services, investment firms, insurance, reinsurance and ancillary insurance intermediaries, collective investment schemes and trading platforms. The intention is to ensure robustness. The regulation focuses on refining risk management, IT incident management, testing, supervision of critical IT services providers, and the element of governance and organisation. In addition, DORA improves supply chain security and mitigates the risks of errors in the exchange of information.

Companies have until December 2024 to comply with this regulation. The rules have to be implemented in every organisation by January 2025. It is expected that the AFM and DNB will collectively supervise compliance with the regulation.

More information about the operation and supervision of DORA can be found under Important laws and regulations.