DORA — Digital Operational Resilience Act
The DORA regulation applies to the financial sector in Poland. Check whether your company needs to comply and learn about the implementation process.
What is DORA?
The Digital Operational Resilience Act (DORA) is a European Union regulation governing digital operational resilience in the financial sector. It applies to banks, insurance companies, investment funds, payment institutions, crypto-asset service providers and key ICT suppliers to the financial sector.
Key DORA requirements
ICT risk management
A comprehensive ICT risk management framework covering identification, protection, detection, response and recovery.
Incident reporting
Obligation to report major ICT incidents to supervisory authorities within specified timeframes.
Resilience testing
Regular digital resilience testing, including advanced threat-led penetration testing (TLPT) for large entities.
ICT third-party risk
Management of technology supplier risk, including oversight of critical ICT providers.