The Digital Operational Resilience Act (DORA), part of EU Regulation (EU) 2022/2554, aims to enhance cybersecurity in the financial sector by enforcing strict ICT risk management protocols. Effective from January 2025, DORA mandates that financial entities and ICT service providers adhere to comprehensive risk management frameworks, including detailed contractual provisions. These contracts must consider critical functions, supervisory conditions, and potential risks, with clear termination and exit strategies to maintain business continuity. Non-compliance can result in significant financial penalties, emphasising the importance of aligning contracts with DORA’s stringent requirements.
An article by our firm published on Lexology provides a more in-depth analysis of DORA’s requirements and their potential impact on financial institutions and ICT service providers.
For more information or to schedule a meeting to discuss DORA compliance, please contact Michael Pelosi or Emilios Charalambous.