What do you need to know now that DORA is here?

Jan 17, 2025

Moira Cronin explains how the Digital Operational Resilience Act will impact Irish-based financial services providers, enhancing ICT risk management and digital resilience

The Digital Operational Resilience Act (DORA) came into effect on 17 January 2025.

Designed to consolidate and upgrade information and communications technology (ICT) risk requirements in the financial sector, DORA applies common standards to all financial system participants. Its aim is to mitigate ICT and cyber risks across providers’ operations.

So, what does this Act mean for financial services providers based in Ireland?

Legal basis

DORA removes obstacles to—and improves the establishment and functioning of the internal market for—financial services, by harmonising the rules applicable in ICT risk management, reporting, security control testing and ICT third-party risk.

Subsidiarity

The proposal harmonises the digital operational component of a deeply integrated and interconnected sector already benefitting from a single set of rules and supervision in most other key areas.

For ICT-related incident reporting, only EU harmonised rules could reduce administrative burdens and financial costs associated with reporting the same ICT-related incident to different EU and national authorities.

Proportionality

Proportionality is designed in terms of scope and intensity through qualitative and quantitative assessment criteria.

While the new rules cover all financial entities, they are also tailored to the risks and needs of their specific characteristics in terms of their size and business profiles.

Proportionality is also embedded in the ICT and cyber-risk management rules, digital resilience testing, reporting major ICT-related incidents and oversight of critical ICT and cyber third-party service providers.

Choice of instrument

The measures needed to govern ICT and cyber risk management, ICT and cyber-related incident reporting, testing and oversight of critical ICT and cyber third-party service providers must be contained in the regulation to ensure that the detailed requirements are effectively and directly applicable in a uniform manner, without prejudice to proportionality and specific rules foreseen by this regulation.

Three DORA requirements businesses should aim to achieve are:

1. ICT-related incident reporting

One of the main requirements for financial entities is to establish and implement a management process to monitor and log ICT and cyber-related incidents, followed by an obligation to classify them based on criteria detailed in the regulation and further developed by the European Supervisory Authorities (ESAs) to specify materiality thresholds. Only ICT-related incidents deemed significant must be reported to the competent authorities.

2. Cyber operational resilience testing

The capabilities and functions included in the ICT risk management framework need to be periodically tested for preparedness, identification of weaknesses, deficiencies or gaps and prompt implementation of corrective measures.

This regulation allows for a proportionate application of digital operational resilience testing requirements depending on financial entities' size, business and risk profiles.

3. ICT and cyber third-party risk

The regulation is designed to ensure sound monitoring of ICT and cyber third-party risk. Financial entities shall be required to observe several key elements in their relationship with ICT and cyber third-party providers, while remaining fully responsible for complying with and discharging all obligations.

To this end, contracts governing this relationship will be required to include:

  • At least a complete description of services;
  • An indication of locations where data is processed;
  • Full service-level descriptions accompanied by quantitative and qualitative performance targets;
  • Relevant provisions on accessibility, availability, integrity, security and protection of personal data;
  • Inspection and audit by the financial entity or an appointed third party;
  • Clear termination rights; and
  • Dedicated exit strategies.

As such, DORA should be taken into consideration in close coordination with NIS Directive version 2, CBI Operational Resilience Guidelines and the EU Critical Infrastructure Directive.

DORA is part of a package of digital finance measures designed to further enable and support the potential of digital finance in terms of innovation and competition while mitigating the risks arising from it.

It aligns with the European Commission's priorities to make Europe fit for the digital age and build a future-ready economy that works for the people.

Moira Cronin is Digital Risk Partner at PwC Ireland

© Copyright Chartered Accountants Ireland 2020. All Rights Reserved.