The article discusses the recent preparations and developments leading up to the implementation of the EU Digital Operational Resilience Act (DORA) on January 17, 2025.
In September 2024, the European Central Bank published a paper on the TIBER-EU framework, which may assist financial entities and national competent authorities meet DORA's threat-led penetration testing requirements.
Another key development was the European Supervisory Authorities (ESAs) appointing Marc Andries as director handling joint oversight activities under DORA.
The ESAs also released their 2025 work programme, which highlights digital operational resilience and DORA implementation as priorities of the ESAs. By mid-January 2025, they aim to complete all DORA Level 1 policy mandates and begin implementation of core oversight activities.
Separately, the ESAs have expressed concerns over the European Commission's proposed amendments to the draft implementing technical standards on registers of information under DORA. In particular, the introduction of European unique identifiers as an alternative identifier for EU third-party service providers.
"Counting down to DORA compliance," Grip, October 23, 2024
London
