What is DORA and how is your business affected?

- A plain-language guide to DORA, the EU regulation setting IT security requirements for the financial sector: what it means, who is affected and how you can prepare your business.

On January 17, 2025, the Digital Operational Resilience Act (DORA) became applicable across the EU (the regulation itself entered into force in January 2023, with a two-year preparation period). Its aim is to strengthen the digital operational resilience of the financial sector: financial firms and their ICT providers must be able to withstand, respond to and recover from technical failures and cybersecurity incidents without harming customers or financial stability.


If a bank suffers a cyberattack, the consequences can be enormous, both for the business and for society at large. That is why DORA is an important step towards a safer and more resilient financial sector. In this article we go through what you need to know, without drowning in legal articles.

Who is covered by DORA?

DORA applies to banks, insurance companies, fund management companies, investment firms, payment service providers, crypto-asset service providers and the ICT service providers that support them. Cloud service providers, outsourcing partners and other third parties in the digital value chain are also covered, as ICT third-party service providers.

According to Finansinspektionen (the Swedish Financial Supervisory Authority), however, auditors, accountants, real estate agents and debt collection agencies, for example, are not covered unless they are themselves licensed as financial entities.

What are DORA's requirements for the financial sector?

DORA contains both technical and organizational requirements. The main areas are:

  • Information security and access management
  • Contingency plans and incident management
  • Reporting of major ICT-related incidents to the competent authority (in Sweden, Finansinspektionen)
  • Business continuity and recovery plans
  • Digital operational resilience testing of systems and processes
  • Management of ICT third-party risk, including contractual requirements on suppliers
  • Documentation and audit obligations

For many businesses, this means new procedures, clearer responsibilities and documented processes, especially when working with IT suppliers.

Not sure if DORA affects your business?

For those of us working in IT security for financial institutions, it is crucial not only to understand the regulatory framework, but also to be able to demonstrate compliance and actively contribute to our customers' digital resilience.

We will be happy to help you make an initial assessment, as well as develop concrete measures that will allow you to comply with DORA without making it complicated.

Also consider NIS2

At the same time as DORA is introduced, the NIS2 Directive will affect many businesses in Sweden, especially those operating in critical sectors or handling sensitive data. Like the GDPR, NIS2 requires a lot of preparation.

We can help you find out what rules apply to your business and what actions you should take first.


Get in touch - we are happy to help you!


You can also call 040-626 75 00, Monday-Friday 08-17, or send an e-mail to kontakt@upheads.se.

Written by:

Marcus Juvin

Head of Infrastructure & Security

040-626 75 23, marcus.juvin@upheads.se