At the “Digital Romania” event, I spoke about DORA alongside representatives of authorities, the banking sector, cybersecurity experts,
training professionals, and PR.
DORA is an EU regulation that applies to financial entities, both traditional and in the crypto area, as well as third-party ICT service providers
for such entities (software, cloud computing, cybersecurity service providers, ICT consulting). It acts as a lex specialis relative to NIS2 and will apply
directly in national law from January 17, 2025. Until then, supervisory authorities are drafting implementation rules,
including on sanctions (which are left to the states to define).




It is a misconception that lawyers only intervene in the event of incidents! DORA talks about the need for financial entities to negotiate and
renegotiate old agreements made with third-party providers, and describes a series of clauses specific to the financial sector.
Also, IT and cybersecurity service providers will be pleased to hear that governing bodies are now expressly responsible for ensuring a
budget for effective ICT risk management plus awareness and training programs (for governing bodies, staff, and third-party providers).
The sanctions are administrative, including penalties per day of delay until obligations are met, but criminal sanctions can also be introduced
by member states (Romania appears to be moving in this direction).
Thank you for the invitation, Financial Intelligence and Nextgen Software!

