DORA – how quickly is the clock ticking

18 October 2023 | Knowledge, News

The financial sector has today fully embraced technology as a way to offer clients increased security, quality and convenience. Modern financial institutions are increasingly relying on digital technology, offering their clients services based on cloud computing, big data, blockchain, and artificial intelligence, often managed by external ICT companies. However, the surge in reliance on ICT systems has gone hand in hand with an exponential increase in cyber-attacks and consumer risk.

CERT Polska, the group set up to monitor and respond to major cyber incidents, reported that in 2022 there had been 2944 incidents targeting banks, of which 21 were deemed serious, and a staggering 2813 incidents targeting financial market infrastructure. It seems that the surge in technology has come at the cost of an explosion in online crime, and it’s likely that this pattern of behaviour will continue unless adequate safeguards are implemented to fight back.

Who is DORA aimed at

DORA, the EU regulation for digital operational resilience of the financial sector, is designed to create a robust, homogeneous EU-wide network by laying down new regulations requiring ICT entities to provide security against cyber risk, whilst managing any cyber incidents in a consistent manner. DORA focuses mainly on players operating in this market, such as:

  • Credit institutions
  • Insurance companies
  • Payment institutions
  • Investment firms
  • Insurance intermediaries

DORA will also cover third-party ICT service providers and apply to the requirements of contracts between financial market entities and these providers. Thus, entities providing services to the financial market and using resources or networks in information systems for this purpose will have to adapt their activities and the terms and conditions of their contracts.

How long will it be before DORA enters into force

DORA is expected to fully enter into force by 17 January 2025, which is closer than it may seem. Financial market participants and external ICT service providers should thus be carefully considering the steps they will need to take to come into line with these new requirements, and should already be considering:

  • Building or reviewing the quality of the governance framework related to ICT risks
  • Developing and implementing policies, procedures, protocols and tools to ensure ICT security
  • Adapting contractual terms and conditions

Given the potential scale of the transition, it is clear that financial market participants should begin to implement DORA as soon as practicable. However, given that regulatory technical standards are still being developed to clarify many issues, it would be wise to plan any changes, seeking experienced advisors to assist along the way. But it seems that finally, the digital future is one step closer to being secured for business.

Source: Contact Online

Date: 5.10.2023

Questions? Contact us

Jan Ziomek
