Provisional Agreement reached on DORA
29 July 2022
DORA is expected to come into force in Q1 2023 and to be fully applicable by Q1 2025 following a two-year implementation period.
The MFSA issued a circular to regulated entities informing that on 23 July 2022 a provisional agreement on the DORA (Digital Operational Resilience Act) has been reached and the Regulation is now expected to go through a process of voting and adoption.
The Regulation introduces a series of Regulatory and Implementing Technical Standards, including Guidelines.
DORA introduces provisions – subject to different layers of proportionality – on financial entities in the areas of ICT risk management framework, ICT-related incidents, digital operational resilience testing (including advanced testing) managing of risk associated with the use of ICT-third party providers, EU-level oversight framework of critical ICT-third party providers and an optional provision on information sharing between financial entities.