New regulatory paths in the financial sector: focus on DORA!

From January 2025, the new Digital Operational Resilience Act (DORA) will apply as a Europe-wide addition to the existing ZAIT (Payment Services Supervisory Requirements for IT Security) in Germany. Both focus on the operational stability of financial services companies and address similar topics in the area of IT security. However, payment and e-money institutions are now asking themselves what additional challenges they will face as a result of DORA.

DORA Picture EN

An overview of the differences:

  • Dealing with third-party providers: DORA sets stricter regulations for the risk management of critical IT service providers, including monitoring, reporting and auditing.
  • Cybersecurity regulations: While ZAIT focuses on IT infrastructure security, DORA goes further and covers a wide range of cybersecurity aspects, including operational resilience.
  • Validation: Resilience tests become more regular and sophisticated under DORA to increase resilience to technical disruptions and attacks.
  • Reporting & disclosure requirements: DORA sets detailed requirements for reporting IT incidents, including deadlines and the type of information to be reported.
  • Governance requirements: Management and board are held more accountable under DORA to ensure comprehensive operational resilience.

What does this mean for companies?

DORA will apply immediately from January 2025. Companies need to familiarize themselves with the new EU-wide regulations now and develop compliance strategies to avoid horrendous penalties.

How can we help?

aye4fin already conducts DORA Fitness Checks and supports pan-European financial companies with the assessment and implementation. Let’s overcome the challenges together!

For more detailed information: Dora – aye4fin

regulatory paths in the financial sector