Prague – Today, the European regulation on digital operational resilience in the financial sector (DORA) takes effect, which imposes an obligation on financial institutions to secure information and communication systems against cyber threats. The rules are intended to protect the financial sector from situations where, for example, banks have sensitive data stored with one of the major cloud companies that becomes the target of a cyber attack. According to experts, Czech banks, insurance companies, and investment firms are prepared for the new rules.
DORA sets out the conditions under which banks, insurance companies, or investment firms use cloud services operated by companies such as Amazon, Google, or Microsoft. Financial companies will be required to demonstrate how effectively they can respond to a potential hacker attack that would affect their data storage. The regulation was drafted during the Czech presidency of the European Union in 2022.
Czech financial institutions have been preparing for the new rules for over a year and, according to experts, are mostly ready. However, representatives of insurance companies and banks have pointed out that not all areas of the regulation have been resolved at the European level. Only once those areas are finalised will individual financial institutions be able to implement all the rules. Banks estimate the cost of complying with the new rules at millions of crowns per institution.
“The regulation is structured into four basic requirements that must be met by all affected entities. These are ICT risk management, operational resilience testing, incident reporting, and third-party risk management,” said Tomáš Kubíček, a partner at the consulting firm BDO. According to him, it is an ongoing process that requires vigilance, adaptation, and continuous improvement. Failure to meet the requirements may result in sanctions under the legal regulations, reputational damage, and operational vulnerability that threatens the business, he added. (January 17)