In the digital era, various rules and laws have emerged to regulate the sector and give users of digital platforms in the financial sector greater confidence. One of these is the Digital Operational Resilience Act (DORA), created by the European Union. However, several myths have grown up around this law. Some of the most common are described below:

Regulates only ICT within the EU

Many people and businesses have come to believe that the Digital Operational Resilience Act applies only to financial institutions or companies and to information and communications technology (ICT) service providers based in the European Union (EU). However, DORA reaches beyond the EU and can affect any ICT provider that provides services to EU companies, regardless of its location.

Regulates only cybersecurity

Some people think that DORA only regulates cybersecurity. However, although cybersecurity is an important part of it, DORA is a comprehensive regulation that covers several aspects. The law is intended to strengthen the operational resilience of the financial sector in Europe, so that companies can withstand and recover from serious operational disruptions, thereby safeguarding the economy as a whole.

Regulates only financial entities

Many people and businesses believe that DORA only regulates financial institutions. However, it implements mandatory contractual terms for agreements between financial institutions and third-party ICT providers. It seeks to ensure that these organizations have clear rights and obligations, thus promoting operational resilience and compliance with the law for all those involved.

Myths about the Digital Operational Resilience Act (DORA)

Regulation without evolution or application in the future

Some people think that the Digital Operational Resilience Act is a completely new regulation and that it will not have any kind of evolution or application in the future. However, DORA introduces a regulatory framework with a more coherent and comprehensive approach to digital operational resilience, intended to encompass the growing and significant complexity of ICT in the financial sector.

Importantly, this law enhances existing legal frameworks, as it builds on regulations related to operational resilience, such as the Network and Information Security (NIS) Directive and the guidelines of the European Securities and Markets Authority (ESMA) and the European Banking Authority (EBA).

Its date of entry into force may be postponed

Some people and companies have come to think that, because the regulation has taken more than two years to come into force, the deadline can be changed and postponed. However, the date for this law to come into force is set for January 17, 2025, and financial institutions and ICT service providers must be prepared to comply with the regulation from that date.

What do you think about this topic? Do you want to know more about the Digital Operational Resilience Act (DORA)?

If you are interested in Pilsenga products or services, you can contact us by visiting the following link.

