European Union: Cybersecurity measures in Regulation on digital operational resilience for the financial sector (DORA)

Progress

Current status
processing consultation
17 Jan 2025 in force
16 Jan 2023 in grace period
28 Nov 2022 adopted
10 Nov 2022 under deliberation
10 May 2022 under deliberation
07 Dec 2021 under deliberation
24 Nov 2021 under deliberation
24 Sep 2020 under deliberation

Scope

Implementers
Austria
Belgium
Bulgaria
Croatia
Cyprus
Czechia
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Netherlands
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
digital payment provider (incl. cryptocurrencies)
DLT development
infrastructure provider: cloud computing, storage and databases
Government Branch
legislature
executive
Government Body
parliament
central government
Implementation Level
supranational

Timeline of events

17 Jan 2025
in force

Implemented Regulation on digital operational resilience for the financial sector (DORA) including cybersecurity measures

On 17 January 2025, the Regulation on digital operational resilience for the financial sector (DORA), including cybersecurity measures is implemented. The Regulation lays down uniform obligations regarding security, risk management, monitoring and i…

Source
Event type law
Action type implementation
Government branch legislature
Government body parliament
16 Jan 2023
in grace period

Entry into force with grace period of Regulation on digital operational resilience for the financial sector (DORA) including cybersecurity measures

On 16 January 2023, the Regulation on digital operational resilience for the financial sector (DORA) enters into force with grace, twenty days after being published in the Official Journal of the European Union. The Regulation lays down uniform obli…

Source
Event type law
Action type in force with grace period
Government branch legislature
Government body parliament
28 Nov 2022
adopted

Adopted Regulation on digital operational resilience for the financial sector (DORA) including cybersecurity measures by Council of the European Union

On 28 November 2022, the Council of the European Union adopted the Digital Operational Resilience Act (DORA Regulation). The Regulation lays down uniform obligations regarding security, risk management, monitoring and information sharing of informat…

Source
Event type law
Action type adoption
Government branch legislature
Government body parliament
10 Nov 2022
under deliberation

Passed Regulation on digital operational resilience for the financial sector (DORA) including cybersecurity by European Parliament

On 10 November 2022, the European Parliament passed the Digital Operational Resilience Act (DORA Regulation). The Regulation lays down uniform obligations regarding security, risk management, monitoring and information sharing of information and com…

Source
Event type law
Action type passage
Government branch legislature
Government body parliament
10 May 2022
under deliberation

Reached provisional agreement between European Parliament and Council on Regulation on digital operational resilience for the financial sector (DORA) including cybersecurity measures

On 10 May 2022, the European Parliament and the Council of the European Union announced that a provisional agreement on the Regulation on digital operational resilience for the financial sector (DORA) Proposal was reached. The Proposal outlines cybe…

Source
Event type law
Action type passage
Government branch executive
Government body central government
07 Dec 2021
under deliberation

Issued European Parliament approach on Regulation on digital operational resilience for the financial sector (DORA) including cybersecurity measures

On 7 December 2021, the European Parliament adopted its general approach on the Regulation on digital operational resilience for the financial sector (DORA). The Proposal outlines cybersecurity requirements to ensure the financial sector's digital o…

Source
Event type law
Action type passage
Government branch executive
Government body central government
24 Nov 2021
under deliberation

Announced Council of EU general approach on Regulation on digital operational resilience for the financial sector (DORA) including cybersecurity measures

On 24 November 2021, the Council of the European Union adopted its general approach on the Proposal on Regulation on digital operational resilience for the financial sector (DORA). The Proposal outlines cybersecurity requirements to ensure the finan…

Source
Event type law
Action type passage
Government branch executive
Government body central government
24 Sep 2020
under deliberation

Introduced Proposal for a Regulation on digital operational resilience for the financial sector (DORA) including cybersecurity measures

On 24 September 2020, the European Commission submitted the Proposal for a Regulation on digital operational resilience for the financial sector (DORA) to the European Parliament and the Council of the European Union. The Regulation outlines securit…

Source
Event type law
Action type introduction
Government branch executive
Government body central government