DORA – how quickly is the clock ticking

18 October 2023 | Knowledge, News

The financial sector has today fully embraced technology as a way to offer clients increased security, quality and convenience. Modern financial institutions are increasingly relying on digital technology, offering their clients services based on cloud computing, big data, blockchain, and artificial intelligence, often managed by external ICT companies. However, the surge in reliance on ICT systems has gone hand in hand with an exponential increase in cyber-attacks and consumer risk.

CERT Polska, the group set up to monitor and respond to major cyber incidents, reported that in 2022 there had been 2944 incidents targeting banks, of which 21 were deemed serious, and a staggering 2813 incidents targeting financial market infrastructure. It seems that the surge in technology has come at the cost of an explosion in online crime, and it’s likely that this pattern of behaviour will continue unless adequate safeguards are implemented to fight back.

Who is DORA aimed at?

DORA, the EU regulation for digital operational resilience of the financial sector, is designed to create a robust, homogeneous EU-wide network, by laying down new regulations requiring ICT entities to provide security against cyber risk, whilst managing any cyber incidents in a consistent manner. DORA focuses mainly on players operating in this market, such as:

  • Credit institutions
  • Insurance companies
  • Payment institutions
  • Investment firms
  • Insurance intermediaries

DORA will also cover third-party ICT service providers and apply to the requirements of contracts between financial market entities and these providers. Thus, entities providing services to the financial market and using resources or networks in information systems for this purpose will have to adapt their activities and the terms and conditions of their contracts.

How long will it be before DORA enters into force?

DORA is expected to fully enter into force by 17 January 2025, which is closer than it may seem. Financial market participants and external ICT service providers should thus be carefully considering the steps they will need to take to come into line with these new requirements, and should already be considering:

  • Building or reviewing the quality of the governance framework related to ICT risks
  • Developing and implementing policies, procedures, protocols and tools to ensure ICT security
  • Adapting contractual terms and conditions

Given the potential scale of the transition, it is clear that financial market participants should begin to implement DORA as soon as practicable. However, given that regulatory technical standards are still being developed to clarify many issues, it would be wise to plan any changes, seeking experienced advisors to assist along the way. But it seems that finally, the digital future is one step closer to being secured for business.

Source: Contact Online

Date: 5.10.2023


Jan Ziomek
