På Svenska
Hero image

DORA - Digital Operations Resilience Act

DORA - Digital Operations Resilience Act

Harmonized rules for the financial sector

The Digital Operations Resilience Act (DORA) is a set of regulations developed at the European level to minimize digital risks in the financial sector. The purpose of this regulation is the harmonization of existing rules on managing ICT (Information and Communication Technology) governance, risks and incident reporting for all financial institutions to ensure operational resilience against cyberattacks.

13 %
of the total number of security incidents in 2019 affected companies in the banking and finance sector
81 %
of all Swedes have high confidence that their bank protects their sensitive information from misuse and intrusion
75 %
would change their existing bank if it was found to have misused personal data

DEADLINE

Enactment details

EU regulation

DORA will come into force as new regulation at European level and must be applied in an equal manner in all EU countries.

Entry into force

DORA entered into force in January 2023 and shall apply 24 months after the date of its publication

Exception

Articles 23 and 24 (threat-based penetration tests) apply 36 months after the due date of entry into force.

Summary

Essential content

ICT Governance

Update existing rules on ICT governance to align respective business strategies

ICT Risk Management

Key requirements and principles on ICT risk management

ICT Incident Reporting

Monitoring and reporting of ICT-related incidents

Digital Operational Resilience Testing

Regular performance of enhanced operational resilience tests

ICT Third-Party Management

Active management of ICT third-party risk and the contract design

Reporting to Authorities

Compliance with the regulation will be ensured by respective authorities

banking and finance

Contact us

We offer several contact routes and provide feedback as soon as possible. If you have sensitive information, we ask you to use the encrypted method.