DORA – how quickly is the clock ticking

18 October 2023 | Knowledge, News

The financial sector has today fully embraced technology as a way to offer clients increased security, quality and convenience. Modern financial institutions are increasingly relying on digital technology, offering their clients services based on cloud computing, big data, blockchain, and artificial intelligence, often managed by external ICT companies. However, the surge in reliance on ICT systems, has seen a hand in hand exponential increase in cyber-attacks and consumer risk.

CERT Polska, the group set up to monitor and respond to major cyber incidents reported that in 2022  there had been 2944 incidents targeting banks, of which 21 were deemed serious, and a staggering 2813 incidents targeting financial market infrastructure. It seems that the surge in technology has come at a cost of an explosion in online crime and it’s likely that this pattern of behaviour will continue unless there are adequate safeguards implemented to fight back.

Who is DORA aimed at

DORA, the EU regulation for digital operational resilience of the financial sector, is designed to create a robust, homogeneous EU wide network, by laying down new regulations requiring ICT entities to provide security against cyber risk, whilst managing any cyber incidents in a consistent manner. DORA focuses mainly on players operating in this market, such as:

  • Credit institutions
  • Insurance companies
  • Payment institutions
  • Investment firms
  • Insurance intermediaries

DORA will also cover third-party ICT service providers and apply to the requirements of contracts between financial market entities and these providers. Thus, entities providing services to the financial market and using resources or networks in information systems for this purpose will have to adapt their activities and the terms and conditions of their contracts.

How long will it be before DORA enters into force

DORA is expected to fully enter into force by 17 January 2025, which is a closer than it may seem. Financial market participants and external ICT service providers should thus be carefully considering the steps they will need to take to come into line with these new requirements, and should already be considering:

  • Building or reviewing the quality of the governance framework related to ICT risks
  • Developing and implementing policies, procedures, protocols and tools to ensure ICT security
  • Adapting contractual terms and conditions

Given the potential scale of the transition, it is  clear that financial market participants should begin to implement DORA at soon as practicable. However, given that regulatory technical standards are still being developed to clarify many issues, it would be wise to plan any changes, seeking experienced advisors to assist along the way. But it seems that finally, the digital future is one step closer to being secured for business.

Source: Contact Online

Date: 5.10.2023

Questions? Contact us

Jan Ziomek

Latest Knowledge

Belka tax cut and what this means for companies

The Minister of Finance has announced a plan to reduce the Belka tax, to come into effect on 1 January 2025. And although he has said that the groundwork is already being laid, he has not yet revealed all the details of the proposed changes.

Liability of management board members

The liability of management board members is a complex and multifaceted issue. It is therefore worth taking a closer look at these issues, especially in light of recent developments.

Effectively managing collective redundancies

The labour market is seeing an increased number of collective redundancies. We check what rules govern collective redundancies and what obligations must be fulfilled in order to carry them out effectively.

SME Fund – Tomasz Szambelan accredited IP Scan provider

Tomasz Szambelan has been included in the list of accredited IP Scan providers maintained by the Polish Patent Office. The IP Scan service is part of the grant scheme for the filing of trade marks, designs and inventions from the European SME Fund.

New rules for setting fines for businesses by the President of UOKiK

At the beginning of April 2024, the President of the Office of Competition and Consumer Protection (UOKiK) published new clarifications on the determination of the amount of fines in cases related to the conclusion of agreements restrictive of competition and the abuse of dominant position.

Contact us:

Jan Ziomek

Jan Ziomek

Advocate / Partner / Head of FinTech / NewTech Sector Practice

+48 736 429 981