Preparing for DORA 2025 – what to know?
-
About
- Type
- Blog
- Categories
- Data SovereigntyIndustry analyses
Digital Operational Resilience Act (DORA) will take effect on January 17th, 2025. This EU-wide regulation aims to ensure financial entities such as banks, fintech companies, and investment firms can withstand and recover from Information and Communication Technology (ICT) disruptions.
Both European Central Bank (ECB) and European Banking Authority (EBA) have provided further guidelines on ICT outsourcing in the financial sector. While these guidelines are not legally binding requirements, financial entities should take them into account when procuring ICT services.
How to prepare
To ensure compliance, businesses subject to DORA must implement specific measures. These include identifying and assessing potential ICT risks, establishing incident reporting mechanisms, conducting digital operational resilience testing, managing third-party risks, and creating a comprehensive ICT risk management framework.
DORA and cloud risk management
For financial entities operating on the cloud, specific due diligence must be conducted on current and future cloud providers.
Businesses subject to DORA must identify and evaluate potential threats such as service reliability and vendor lock-in. The ECB guideline recommends utilising multiple data centres in different geographical locations as a cloud resilience measure to navigate potential ICT disruptions. Furthermore, when selecting a cloud provider, businesses must prioritise their commitment to security, looking for providers with certifications like ISO 27001
As mentioned previously, ECB and EBA guidelines recommend conducting risk assessment and implementing additional safeguards if service providers located in third countries, i.e. outside the EU, are utilised. In selecting European-based cloud infrastructure service provider, financial entities simplify adherence to DORA, saving both time and resources.
Fundamentally, businesses must ensure contracts with cloud providers explicitly address DORA requirements and responsibilities.
Navigating DORA compliance with UpCloud
As a European-owned company headquartered in Finland, at UpCloud we are committed to helping customers achieve compliance with European regulations. We currently have 13 data centres globally, 8 within Europe, offering low latency, redundancy and resilience to meet business needs.
Furthermore, for customers subject to DORA we offer additional contract terms that help meet DORA requirements. With UpCloud as your trusted partner, you have the tools and support to navigate the complexities of DORA confidently, building a secure and resilient foundation for your financial operations.
Contact us today to learn more about our solutions.
