The financial sector’s digitalization has created new risks and opportunities. In response, the European Union has introduced Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (DORA) to address cybersecurity and information and communication technology (ICT) risks in financial markets. This legislation was passed by Parliament in December 2022 with the goal of enhancing operational resilience.

The Digital Operational Resilience Act has been in force since January 2023, and its legislative requirements apply from 17 January 2025. However, it is not yet clear when companies will have to start submitting the mandatory reporting of the Register of Information mandated by the regulation.

While there’s no confirmed date yet, the dry run for data collection is set to commence after the end of May and is projected to last until at least the end of the third quarter. Given this timeline, it’s unlikely that the initial reporting will be feasible before the second quarter of 2025, and it could potentially be delayed further. The European Supervisory Authorities (ESAs) stated that enough time will be allocated for technical preparations once the final reporting Data Point Model is released.

For companies in the financial sector, the new regulations offer an opportunity to increase their own security and resilience in the ICT sector. At the same time, DORA brings new challenges.

Read on to learn more about the most important requirements:

1. Contract management with third-party ICT providers

DORA specifies the requirements for contracts with third-party ICT providers. Financial institutions must incorporate these requirements into their contract management processes. This includes categorizing existing contracts, defining target requirements, conducting gap analyses and addressing potential gaps.

2. Reporting of major ICT incidents

Financial organizations are required to report major ICT-related incidents to the relevant authorities without delay. Transparency and early reporting are essential to maintaining operational resilience.

3. Information sharing and cyber threat intelligence

DORA emphasizes the sharing of information and intelligence related to cyber-attacks. Collaboration between financial institutions and regulators is essential to stay ahead of emerging risks.

4. Monitoring critical third-party ICT suppliers

Financial institutions need to monitor critical third-party ICT providers to ensure their operational resilience. Robust supervisory frameworks are essential to manage the risks associated with outsourcing.

5. Digital resilience testing program

A proportionate and risk-based testing program needs to be established as part of DORA. This program will include various tests such as open-source analysis, vulnerability assessments, gap analyses and network security assessments.

Failing to adhere to DORA can result in serious consequences. It is crucial for financial institutions to fully embrace DORA to avoid penalties and ensure strong processes.

Our compliance commitment

We are fully committed to complying with DORA at cleversoft. We have taken part in a practical exercise organized by the ESAs to guarantee this. For more information, please visit the EBA's (European Banking Authority) website.

Our IT systems have been designed to meet DORA standards and we are actively getting ready for implementation.

We will keep you updated on the next steps and any compliance changes related to the regulations.

If you have any inquiries about DORA, please contact us via the website contact form.