
The EU Regulation on Digital Operational Resilience for the Financial Sector: Applicability & Compliance Guidance for ICT Service Providers

February 2025
Compliance

Abstract

The European Union (‘EU’) Regulation on Digital Operational Resilience for the Financial Sector EU 2022/2554 (‘DORA’), the new cybersecurity framework for the entire EU financial sector and its extensive Information and Communication Technology (‘ICT’) supply chain systems, came into effect on January 17, 2025. This article assesses the applicability and impact of DORA for the ICT third-party supply chain vendors of EU-based financial institutions, with special emphasis on applicability and compliance for IT vendors and cloud service providers. It specifically covers the following key areas: a. Applicability of DORA to ICT third-party service providers (including IT vendors and cloud service providers) of the financial sector; b. Key compliance obligations under DORA for ICT third-party service providers; c. Steps for translating DORA requirements into enforceable contractual requirements for ICT third-party service providers; d. Risks and penalties for non-compliance; and e. Recent regulatory developments related to DORA compliance.

Author

Subhrarag Mukherjee
Senior Legal Counsel – Strategic Alliances & OEM (North America & Worldwide), Hewlett Packard Enterprise, India

I am a Senior Legal Counsel in Hewlett Packard Enterprise (HPE) overseeing the legal support for the 'Strategic Alliance' and 'OEM' business groups for North America & Worldwide regions.

Company

Hewlett Packard Enterprise

Hewlett Packard Enterprise is an Information Technology MNC focussed on providing various kinds of IT hardware and software products and system integration services to its enterprise clients across the world.
