DORA is a harmonised and comprehensive regulatory framework on digital operational resilience. The regulation is designed to strengthen digital operational resilience and oversight over Critical Third-party ICT Providers (CTPPs).
The regulatory framework entered into force on 16 January 2023 and financial entities had until today to fully deploy and implement it.
How ENISA comes into play
ENISA signed a multilateral Memorandum of Understanding (MoU) with the European Supervisory Authorities (EBA, EIOPA, and ESMA – the ESAs) in June 2024 to strengthen the cooperation and information exchange on tasks of mutual interest, which includes policy implementation. This agreement will also help support regulatory convergence and consistency across Member States to reinforce the cybersecurity resilience needed for such essential services such as financial entities.
We look forward to continued collaboration with the ESAs to ensure a harmonized approach to cybersecurity between the horizontal NIS2 Directive and the sector-specific DORA, fostering unified and effective implementation.