The European Union’s (EU) Digital Operational Resilience Act (DORA) entered into force on 17 January 2025, meaning that banks, payment institutions, insurance undertakings, investment firms, asset managers, alternative investment fund managers – even crypto-asset service providers and central counterparties – and other in-scope entities have now had to be DORA-compliant for a number of months.
Ensuring that systems, contracts and internal procedures are compliant with DORA is being treated as a paramount priority by the vast majority of firms. Most have now progressed beyond preliminary gap analyses and mapping of ICT services to the execution of structured implementation programs.
This is not a one-off compliance task, but rather a new standard for business-as-usual. It requires a continuous and dynamic process of reviewing and enhancing internal policies, risk management frameworks, and incident response procedures, as well as revising contractual arrangements with ICT service providers.
The article explores how institutions can bridge the legal, technical, and contractual complexities that arise in this ongoing phase of compliance, focusing on sustainable operational resilience and effective governance models across the financial ecosystem.
By Fabio Coco – published in Mealey’s Litigation Report: Cyber Tech & E-Commerce
Read the full Article
