Lawyers at McCann FitzGerald have urged financial entities to prepare to be compliant with new EU legislation aimed at making their digital operations more resilient.
The lawyers say that the Digital Operational Resilience Act (DORA) will introduce “detailed and comprehensive rules” at EU level for EU financial entities.
The rules cover issues such as the reporting of IT-related incidents, information-sharing on cyber-threats, and contracts between financial firms and third-party ICT providers.
In a note on the firm’s website, McCann FitzGerald points out that, while DORA will not apply until 17 January 2025, it would be prudent for financial entities to prepare for compliance as soon as possible.
The lawyers point to the scope of DORA, and the likely need to engage with third-party providers of information and communication technology (ICT) services.
McCann FitzGerald urges firms that may be covered by the law to set up a DORA implementation team, and conduct an analysis of their existing ICT risk-management frameworks against DORA requirements.
They should also review ICT contractual arrangements and assess ICT third-party risks, according to the lawyers.
DORA will apply to a wide range of financial entities – including credit institutions, payment institutions, electronic-money institutions and investment firms, as well as insurance firms and brokers.
“It should be noted that DORA will apply in a proportionate manner, taking into account a financial entity’s size and overall risk profile,” say the McCann FitzGerald lawyers.