Go to content
News 20/07/23

AFM calls on firms to prepare for DORA

The Dutch Authority for the Financial Markets (AFM) has issued a publication explaining the key aspects of the Digital Operations Resilience Act (DORA). This publication enables firms to see where they stand in terms of cyber security and what further steps they need to take to comply with the regulation.
DORA has been in force since January 2023. DORA is a European regulation that aims to ensure that financial firms have better control of IT risks and are thus more resilient to cyber threats.

Five key focal points

Firms are advised to start preparing for DORA as soon as possible. This publication (pdf, 2.9 MB) shows among other things the areas that firms can already start working on while awaiting the details of further regulations. Firms within the scope of the regulation must comply with its provisions from January 2025. This publication highlights the following five points:
  • • ICT risk management
  • • ICT-related incidents
  • • Testing of digital operational resilience
  • • Management of ICT risk for third-party providers
  • • Governance and organisation

Supervision of the regulation

Firms have until January 2025 to comply with the regulation. After that, DORA will be officially applicable and the AFM and DNB will supervise the regulation. Some firms are already subject to DORA-related requirements under existing laws and regulations.

Contact for this article

Would you like to receive the latest news from AFM?

Subscribe to our newsletter, we will keep you up-to-date.