Effective Date

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector dated 14 December 2022, which is also know as the Digital Operational Resilience Act (“DORA”) entered into effect on 17 January 2025.

DORA brings a pivotal step towards the consolidation and enhancing of information and communications technology (“ICT”) related risks. DORA also provides assurance as to robust operational resilience within the financial sector.

New Measures

DORA’s aim is to enhance the security rules and digital operational resilience, particularly in the financial sector. DORA was designed as a response to a growing threat against digital solution systems and the vulnerabilities attached thereto. The regulation lays down numerous security rules and measures to be implemented by financial sector players.

DORA takes into account that a single digital attack’s impact could go well beyond a single player and spread through out the financial system. For this reason, it provides for applicable requirements in the field of ICT risk management, incident reporting, data and information sharing, digital operational resilience testing, third party ICT related risk management measures and cooperation with public authorities.

LEI Requirement

Players in the financial sector must ensure to have a valid LEI (Legal Entity Identifier) code to be able to submit their required reporting on eDesk as of 17 January 2025. In addition, they must submit a register of information (ROI) in relation to all contractual arrangements on the use of ICT services until 15 April 2025.

Furthermore, financial entities that work with third parties as to incident reporting must provide the authority with the relevant third party’s details in advance.

Can Ergur