Tuesday, 07 February 2023AHS 1|23 - Digital Operational Resilience Act (DORA): “Yet another burden” or “All-in-One Compliance problem saver?

To keep the track with developments in business i.e., business optimization and transformation, initiated and endorsed by ICT (information Communication Technology) evolution, the legislation and finance authorities are continually issuing new or updating regulations and directives. The plethora of such compliance requirements, specific either for business-type e.g., banking, insurance, investment firms or geographical i.e., region, country, causes a headache to management particularly for large and international one.

The solve disparities between the locally issued regulations, guidelines and circulars, the EU has published in September 2020 a global legislative proposal called DORA (Digital Operation Resilience Act) , as a single regulation, establishing a foundation for EU regulators and supervisors to ensure organizations’ financial and operational resilience. The proposal, provisionally approved by EU Parliament on the 10th May 2022, is expected to come into force in Q1 2023, while rules apply 24 months after.

The objective of this single regulation for European financial market is the shift from guaranteeing financial resilience to ensure maintainability of resilient operations through an incident of severe operational disruption.

The need for such unique legislative action follows not only from the increasing reliance of the financial market on ICT, but also growing complexity of financial services, incl. digital finance strategy, a proposal on markets in crypto-assets and on distributed ledger technology (DLT).


  • Establishment of uniform requirements for security of network and information systems of organizations operating in financial sector. Requirements includes existence of ICT risk management framework, reporting related incidents, and operational resilience testing.
  • The scope of financial entities as a subject to the new rules is very wide and includes critical ICT- service providers, e.g., cloud platforms or data analytics. Non-complying providers can expect significant fines.
  • Though statutory auditors and audit firms were within scope of proposal, the European Council confirmed auditors will not be subject.
  • Critical third-country ICT service providers must establish a subsidiary within the EU to enable regulatory oversight.


Jiri Cejka / Jiri Cejka, Head GRC Consultant for EU and APAC, CISA, EPAM Systems (Switzerland) GmbH

Jiri has over 40 years of experience in Financial, and Insurance Services. Prior to joining EPAM Jiri was SME for IT Governance, Audit and Security. He was long-time developer of Stock-exchange Systems, co-working on development of IT Audits, Security, Governance and Strategy methods at KPMG as well as IT Audit Leader and Manager of IT Transformation Program in international technology corporation.

Location Map

Event Properties

Event Date 07. Feb 2023 16:40
Event End Date 07. Feb 2023 17:40
Capacity Unlimited
Individual Price Free
Sprache / Language Deutsch
CPE Hours 1
Location Hybrid Event - Detecon (Schweiz), Zurich AG
We are no longer accept registrations for this event

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.