Logo
StreamLex Home
Logo
StreamLex Home
Laws
Laws
Recitals
Recitals
Your feedback
About UsNewsletterTerms of UsePrivacy NoticeLinkedIn
DORA

  • Data & Privacy

    • Data Act
    • Data Governance Act
    • ePrivacy Directive
    • GDPR

  • AI & Trust

    • Artificial Intelligence Act

  • Cybersecurity

    • Cybersecurity Act
    • DORA
    • NIS2

  • Digital Services & Media

    • Digital Markets Act
    • Digital Services Act
    • European Media Freedom Act
DORA
Digital Operational Resilience Act

Understanding the Digital Operational Resilience Act

Full name of the law
Full name of the law

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011

Link to the official text
Link to the official text
https://eur-lex.europa.eu/eli/reg/2022/2554/oj
Adoption date
Adoption date

14 December 2022

Transposition or application date
Transposition or application date

17 January 2025

Relevant EU-level authorities and groups
Relevant EU-level authorities and groups
  • European Banking Authority (EBA)
  • European Insurance and Occupational Pensions Authority (EIOPA)
  • European Securities and Markets Authority (ESMA)

  • *EBA, EIOPA and ESMA are collectively referred to as European Supervisory Authorities (ESAs)*

Relevant Member States authorities
Relevant Member States authorities

  • Competent authorities (Article 46)

Objectives of the law
Objectives of the law
Scope
Scope
  • Financial entities, including credit, payment and e-money institutions, investment firms, crypto-asset service providers, issuers of crypto-assets, insurance and reinsurance undertakings, credit rating agencies, statutory auditors and audit firms and crowdfunding service providers (Article 3)
  • ICT third-party service providers to financial entities, e.g., cloud service providers (Article 3)
Key obligations under the law
Key obligations under the law

  • ICT risk management and governance (Chapter II)

  • ICT-Related incidents management, classification and reporting (Chapter III)

  • Digital operational resilience testing (Chapter IV)

  • Third-party risk management (Chapter V)

DORAon StreamLex, what can I find?

Included in the resources
Included
Included

Technical standards, guidance (guidelines, recommendations, etc.) and templates issued by the ESAs relevant to DORA

Included
Included

Legislation (decisions, implementing decisions, implementing regulation, etc.) adopted by the European Commission relevant to DORA

Included
Included

Relevant registers maintained by the ESAs and the European Commission relevant to DORA

Not included in the resources
Not Included
Not Included

ESAs and European Commission consultations, press releases, internal documents, annual reports, leaflets and similar information materials and ad hoc statements that do not constitute guidance

Not Included
Not Included

Draft versions of the ESAs and European Commission documents (e.g., technical standards issued for the purposes of public consultation) and invalidated documents (e.g., superseded by other documents)

Not Included
Not Included

Documents issued by the national competent authorities

Not Included
Not Included

EU and national court judgments

Complete Resources for this Law

© 2024 StreamLex

NewsletterAbout UsTerms of UsePrivacy NoticeManage cookies

© 2024 StreamLex