Bratislava
Bibiána Žigová
Senior Manager for Information Security
The digital transformation of the financial sector has brought many opportunities, but also risks. To strengthen the resilience of financial institutions to cyber threats and operational disruptions, the European Union has adopted Regulation (EU) 2022/2554, known as DORA (Digital Operational Resilience Act). This Regulation entered into force on 16 January 2023 and its implementation is mandatory from 17 January 2025.
DORA aims to ensure that all financial sector entities have adequate measures in place to prevent, detect and address cyber-attacks and operational failures. The main areas of regulation include:
Financial institutions need to put in place robust frameworks to manage information and communication technology (ICT) risks, including continuous monitoring and timely resolution of incidents.
Entities are obliged to report significant cyber incidents to the relevant regulators to increase transparency and enable a coordinated response.
Entities will be obliged to regularly test their digital resilience through penetration tests and scenarios simulating real-life cyber-attacks.
DORA introduces stricter requirements for the supervision of digital service providers (e.g. cloud services) that are critical to the functioning of financial institutions.
DORA improves cooperation between EU Member States and regulators, coordinating action to ensure consistent application of the rules.
DORA applies to a wide range of entities, including banks, insurance companies, investment firms, asset management companies and crypto service providers.
Financial institutions will have to:
DORA represents a significant step forward in the area of financial sector cybersecurity in the EU. Its implementation will bring a higher level of digital resilience and help prevent disruptions that can have serious consequences for financial stability. Financial institutions should start preparing now to meet the new requirements to minimise potential risks and ensure a smooth transition to the new regulatory framework.