Digital Operational Resilience Act

What you need to know

  • DORA (Digital Operational Resilience Act) is a EU regulation that aims to achieve comprehensive information and communication technology (ICT) risk management in the EU financial sector and harmonize existing regulations across member states.
  • DORA was adopted in November 2022 and Member States are required to adopt the measures necessary to comply with it by 17 January 2025.
  • DORA applies universally to all EU financial institutions, encompassing traditional and non-traditional entities, and including third-party service providers and critical information services.
  • DORA enforcement is held by competent authorities in each EU member state, with penalties for non-compliance, including fines of up to 1% of daily worldwide turnover for "critical" ICT providers.
  • DORA shares significant synergies with GDPR (General Data Protection Regulation), offering a complementary framework. Compliance with DORA requirements may not only fortify ICT resilience but also align with GDPR regulations, especially in areas related to the security and resilience of network and information systems in the financial sector.
  • DORA has intersections with Network and Information Systems Directive (NIS2)? For financial entities covered by both, DORA is considered a sector-specific Union legal act, superseding certain provisions of the NIS2 Directive.
  • DORA encompasses four domains? Key areas addressed include ICT risk management and governance, incident response and reporting, resilience testing, and third-party risk management.
  • DORA mandates that contractual agreements incorporate specific stipulations? These include ensuring accessibility, availability, integrity, and security to balance the interactions between financial institutions and third-party entities.
  • DORA non-compliance penalties include administrative and criminal measures? Critical ICT providers may face fines of up to 1% of their average daily worldwide turnover daily for six months until compliance.

Key Benefits of comforte's Data Security for DORA Compliance

The comforte Data Security Platform provides data discovery, classification and protection capabilities to help you:

  • Identify and classify sensitive data:  Efficiently manage risk by locating and classifying sensitive data within your ICT systems, ensuring DORA compliance (Article 18)
  • Streamline Inventory & Document Information Assets: Identify, categorize, and document information assets supporting your business functions in accordance with digital operational resilience requirements. (Article 8)
  • Enhance Data Protection: Implement cybersecurity best practices such as granular access controls and advanced data protection methods to ensure compliance with evolving data protection requirements. (Article 56).
  • Implement Data Protection Measures: Utilize data encryption, tokenization, and masking to safeguard sensitive data and ensure confidentiality, aligning with financial sector cybersecurity standards. (Article 9)
  • Simplify Compliance Testing: Verify that sensitive data is adequately protected and encryption meets EU financial regulation's security specifications, ensuring seamless DORA compliance.

FAQs on DORA Compliance

Next steps

Ensuring compliance with DORA is paramount. If you're seeking insights into how to comply with DORA, reach out to our experts to discuss tailored solutions that help you meet cross-regulatory data protection requirements and explore best practices for financial cybersecurity audits.


Contact us