Provisional Agreement reached on DORA

Provisional Agreement reached on DORA

DORA is expected to come into force in Q1 2023 and to be fully applicable by Q1 2025 following a two-year implementation period.

The MFSA issued a circular to regulated entities informing that on 23 July 2022 a provisional agreement on the DORA (Digital Operational Resilience Act) has been reached and the Regulation is now expected to go through a process of voting and adoption.

The Regulation introduces a series of Regulatory and Implementing Technical Standards, including Guidelines.

DORA introduces provisions – subject to different layers of proportionality – on financial entities in the areas of ICT risk management framework, ICT-related incidents, digital operational resilience testing (including advanced testing) managing of risk associated with the use of ICT-third party providers, EU-level oversight framework of critical ICT-third party providers and an optional provision on information sharing between financial entities.

Get in touch with our BDO Technology Advisory team to learn more: