The EU Digital Operational Resilience Act (DORA) has now been published (on 27 December 2022) and entered into force on 16 January 2023. There will be a 24 month implementation period. Therefore, DORA will apply from 17 January 2025 in all EU Member States.
DORA will apply to the majority of EU-regulated financial entities and aims to consolidate and upgrade information communication technology (ICT) risk requirements and establish a streamlined digital operational resilience framework across the EU financial sector. It will also establish a new oversight framework for critical ICT third-party service providers that provide ICT services to financial entities.
Our article summarising the implications of DORA in more detail can be read here.
What is the position in the UK?
The financial services sector in the UK will continue to adhere to the rules of the Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (PRA), which are also focusing on enhanced requirements around operational resilience.
In July 2022, the PRA, FCA and BoE published a Discussion Paper proposing that certain UK entities supporting the financial services sector designated as ‘critical third parties’ should meet specific operational resilience requirements. Our article summarising the implications of the Discussion Paper can be read here. We will continue to monitor progress of these potential measures in relation to operational resilience in the UK.