The DORA regulation will apply starting from the beginning of 2025 for companies operating in the financial sector.
The financial sector is an ecosystem where a great variety of organisations operate: from large financial institutions to very small investment firms. In such a varied environment, the need for all organisations towards an integrated approach among risk governance, business compliance and ICT procedures is ever more compelling.
What is the Digital Operational Resilience Act?
The regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 Digital Operational Resilience Act (a.k.a DORA) stands as a robust legislative framework, intending to fortify the digital resilience of regulated financial entities throughout the European Union, encapsulating credit institutions, investment firms, insurers, and more. The act focuses on ICT risk management, ITC incident reporting, reporting of serious operational or payment security incidents, digital operational resilience testing, information sharing, and third-party risk management—that fundamentally shape how these entities manage Information and Communication Technology (ICT) and cyber risks. From 17 January 2025, the DORA Regulation is becoming binding for almost all entities operating within the financial market: not only banks, but investment firms and insurance companies, as well as financial market operators and their suppliers, including IT companies.
In light of DORA, companies are mandated to implement the rules outlined in the Art. 2, adhering to the principle of proportionality, already from this moment. This requires considering their size and overall risk profile, alongside the nature, scale, and complexity of their services, activities, and operations.
How can we help your organization?
In recent years, Wondersys has embarked on a certification journey, which has led the company to achieve ISO 27001 certification for cybersecurity and Uni/PdR 43.2 certification for the compliance with the European GDPR regulation. Drawing from the experience we gained in the field of cybersecurity and personal data protection, we offer consultancy services, extending our expertise to assist your organisation in comprehending and pragmatically implementing DORA’s provisions, facilitating compliance and augmenting both your operational and digital security.
Giacomo Sergio
Managing Director @ Wondersys