The EU council stated in a press release on May 12, 2022, that the EU commission has reached a provisional agreement on the Digital Operational Resilience Act (DORA). DORA sets uniform requirements for the security of companies in the financial sector and critical third parties such as SAAS crypto providers.
The core goal of DORA is to strengthen digital security, whereby all involved businesses ensure they can withstand all types of ICT-related disruptions and threats in order to prevent and mitigate cyber threats. DORA creates a regulatory framework on digital operational resilience and sets uniform requirements for security and related risks. DORA is part of the digital finance package. This digital finance package contains a digital finance strategy, proposals on markets in crypto-assets regulation (MiCAR), DORA and a proposal on distributed ledger technology (DLT).
To whom does DORA apply?
Dora sets uniform requirements for financial institutions in the EU. These include Virtual Assest Service Providers (VASP) as defined in MiCAR that provide crypto-assets services, such as trading, exchange, custody and the execution of crypto-assets on behalf of a third party.
The new law is applicable to all EU persons and businesses established in the European Economic Area (EEA) or established outside the EEA but having clients located in the EEA. DORA not only applies to the VASPs, but also to their key suppliers.
Once the DORA proposal is formally adopted, it will be passed into law by each EU member state. The relevant European Supervisory Authorities (ESAs), such as the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA), and the European Insurance and Occupational Pensions Authority (EIOPA), will then develop technical standards for all financial services institutions to abide by, from banking to insurance to asset management and crypto-related services.
It is best to prepare your company for the new legislation before it comes into effect. VASPs will have to assess their organizational requirements and operational ICT risks. This assessment is a lengthy process and will take time to implement new standards that are compliant with the new legislation.
Dicutech crypto infrastructure partner
All critical third parties need to comply with the DORA legislation. Our core value propositions is to guarantee that our infrastructure responds to the highest levels of security, confidentiality, and availability.
Dicutech is one of the few companies having passed both the ISO 27001 certification and the ISAE 3402 Type 1 certification, the most important international standard for companies in the financial sector. The ISAE 3402 Assurance Report includes the audit of our award-winning NEXUS crypto infrastructure platform.
NEXUS, developed by Quantoz blockchain technology is ready for Dora. Our SAAS infrastructure platform for cryptocurrency and fiat transaction processing, enables you to start offering various cryptocurrency services, such as brokerage, merchant, or custodian services.