This Friday (17 January) the EU Digital Operational Resilience Act, DORA, comes into force and, unusual for EU legislation, there are no transitional provisions meaning the legislation comes into effect immediately.

The European Securities and Markets Authority has already warned that financial entities should identify and address gaps between their internal set ups and DORA’s requirements. In addition, as of this Friday the firm should be ready for the new reporting ICT-related incidents in accordance with the new reporting obligations. Also, firms should be ready for the request to provide the new register of ICT third-party providers’ contractual arrangements as soon as February/March.

For those financial entities that are behind with their DORA implementation we are running last minute bespoke emergency clinics and training.

For further information please contact Floortje Nagelkerke, Anna Carrier, Sebastien Praicheux, Dorothee Ciolino or your usual Norton Rose Fulbright contact.