Executive Summary
The Digital Operational Resilience Act (“DORA”) was published in the Official Journal of the European Union (“EU”) in December 2022, with an application date of January 17, 2025. This new EU legislation is designed to improve the cyber security and operational resilience of firms in the EU financial services sector.
If you would like to read more about the requirements for DORA, you can access the full summary here.
Please contact James Delaney with any questions regarding the regulation.
-
James Delaney
Managing Director, Asset Management Regulation, AIMA
Timeline
AIMA has categorized these requirements as Medium Priority/Medium Impact and they are therefore represented in Mid-Dark Blue in the AIMA Regulatory Horizon scan gantt chart.
DORA compliance date | January 17, 2025 |
European Commission adopts first set of delegated acts under DORA (the Council and European Parliament will have three months (extendable by three additional months) to formulate objections (if any). In the event both institutions do not raise any objections, the delegated acts will enter into force) | February 22, 2024 |
ESAs publish first set of final draft technical standards under DORA | January 17, 2024 |
ESAs consult on second batch of DORA policy mandates | December - March 2024 |
ESAs consult on the first batch of DORA policy mandates | June - September 2023 |
ESAs discussion paper on criteria for critical ICT third-party service providers (CTPPs) and determining oversight fees levied on such providers | May 2023 |
Joint ESAs public event on DORA - Technical discussion (slides) | February 6, 2023 |
Regulation effective date | January 23, 2023 |
Directive effective date | January 14, 2023 |
Regulation and Directive publication date | December 14, 2022 |
AIMA submits feedback on the proposals to the European Commission | February 16, 2021 |
ESAs letter to European Commission on the proposals | February 9, 2021 |
Proposed Regulation and Directive published by European Commission | September 24, 2020 |
AIMA submits response to consultation paper | March 19, 2020 |
Consultation paper published by European Commission | December 19, 2019 |
ESAs advice to European Commission on legislation relating to ICT risk management | April 10, 2019 |
What's Required Webinar
In April 2023, AIMA and Kroll held a virtual session for members breaking down the key requirements in the Level 1 text of DORA and providing an insight on sound practices and international standards which may influence the forthcoming Level 2 texts.
Recorded on 05/04/2023