DORA Regulation

February 2024
Region: Europe

The Regulation (EU) 2022/2554 of the European Parliament and of the European Council of 14 December 2022, on digital operational resilience for the financial sector and amending regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (DORA), came into force on 17 January 2023, and shall be applied from 17 January 2025 onwards by the EU member states.

The legal act is intended to improve the digital security and operational resilience of EU financial companies and their information and communication technology (ICT) third-party service providers across the EU, and to create a uniform supervisory framework throughout the EU. The aim is to reduce vulnerability to cyber threats and ICT disruptions across the entire IT supply chain of the financial sector.