DORA is now live, without any transitional provision.
A wide range of rules applicable for managing ICT risks, including risks linked to ICT third-party service providers, applies from today. DORA applies to nearly all financial entities in the EU, with very few exemptions for smaller institutions. For the first time, it also covers major unregulated ICT third-party service providers; a significant shift in European financial regulation.
One of the immediate and key requirements under DORA is the reporting of ICT-related incidents, which entities must begin doing today. Additionally, in-scope entities will need to submit detailed information registers to regulators in early Q1 2025.
To help those asset managers who may be behind with their DORA implementation we have just published the latest episode in our Let’s talk asset management series covering DORA and its impact on asset managers.
In addition, for those financial entities that are behind with their DORA implementation we continue to run last minute bespoke emergency clinics and training.
For further information please contact Floortje Nagelkerke, Anna Carrier, Sebastien Praicheux, Dorothee Ciolino or your usual Norton Rose Fulbright contact.