It just over seven months, the Digital Operational Resilience Act (DORA) enters into force in the EU — and not every organization is prepared.
The regulation, which will apply as of January 17, 2025, covers the financial sector, but the regulation’s reach extends beyond traditional players such as banks, investment firms, and insurance companies, to also include crypto-asset providers, data reporting providers, and cloud service providers — actors who may not be as used to dealing with comprehensive regulations such as DORA.
“It is a very comprehensive regulation that is also supplemented by a number of regulatory technical standards and implementation standards,” says Pernilla Rönn, cyber security manager at Stockholm-based technology consultancy HiQ.
