Digital threats and cyberattacks are increasing every year. In 2023, digital threats caused damages of more than €200 billion in Germany, of which 72% resulted from cyberattacks (source: Bitkom, study on economic protection 2023). To counter the threat to the system-critical financial sector, the EU has decided to implement a uniform, high level of security. The Digital Operational Resilience Act (DORA) is the answer.
The regulation on digital operational resilience is intended to reduce the risks arising from the ever-increasing dependence on information and communication technology in the financial sector. In particular, DORA is expected to reduce the risk of severe operational disruption arising from digital threats and cyberattacks by focusing on the entire value chain. Notably, DORA subjects IT service providers to direct financial supervision for the first time. DORA will apply to companies in the financial sector and their IT service providers from January 17, 2025. It's crucial for every company to check whether DORA applies to them and what measures need to be taken now, including reviewing outsourcing contracts and internal IT infrastructure for DORA compliance.
McDermott developed DORA Check to provide a first overview of the regulation and to keep users informed about the legal essentials of DORA.