The rules apply to financial firms, including crypto service providers and critical third-party ICT providers.
The rules apply to financial firms, such as credit, payment and e-money institutions, as well as crypto service providers and insurance and reinsurance companies. It also applies to so-called third party ICT service providers, i.e. companies that are not necessarily originally part of the financial sector, e.g. providers of cloud computing services, software, data analysis services and providers of data centre services.
From 17 January 2025, after a two-year transition period.
Third-party ICT providers must adapt to risk management and compliance processes, carry out incident reporting and undergo resilience tests.
Efficient implementation of DORA can be achieved through early analysis, adaptation and training on the new regulations.
Possible sanctions include fines and restrictions on the use of critical ICT services.
With comprehensive advice and practical support on all aspects of DORA requirements.