Preparing for DORA: ESAs initiate dry run exercise
The European Supervisory Authorities (ESAs) are gearing up for the next phase of implementing the Digital Operational Resilience Act (DORA) by initiating a voluntary dry run exercise in May. This exercise aims to help financial entities prepare for the forthcoming requirement to maintain registers of information on their use of ICT third-party service providers starting from 2025. Regulators around the world are grappling with questions about cybersecurity readiness and operational resilience, with barely a day going past without a major cyber attack impacting key industries and infrastructure.
During this dry run of DORA, one of the EU’s key policy responses, financial entities will be asked to provide information on their contractual arrangements with ICT third-party providers through their competent authorities. The collected data will assist in familiarising entities with the process and requirements of compiling and reporting this information under DORA.
Participating financial entities will receive support from the ESAs to build their registers of information, test the reporting process, address data quality issues, and enhance internal processes. Feedback on data quality will be provided, and workshops will assist entities throughout the exercise.
With the exact scope and impact of DORA still to be fully understood, the faster the ESAs start to acquire data, the better.
Read more here.
