In an era of increasing digitization, new legal regulations such as the European Union’s (EU) forthcoming Digital Operational Resilience Act (DORA) are noteworthy. Scheduled to come into effect in January 2025, DORA holds implications not only for businesses operating within the EU, but also for those that have interactions outside its domain.
Understanding the focus of DORA is vital for legal professionals working in corporations and law firms worldwide. DORA’s main aim is to establish robust cybersecurity requirements for the financial sector. The main elements of DORA include risk management, incident reporting, digital operational resilience testing, and ICT third-party risk.
Moreover, DORA is expected to introduce comprehensive requirements for ICT risk management. The act focuses on identifying, assessing, mitigating, and effectively managing ICT risk. Businesses will be required to have sound security policies, procedures, and measures in place to ensure these risks are appropriately managed. This regulation emphasizes the essential role that digital operational resilience plays in the current global business environment.
This news is particularly relevant for legal professionals working in the technology or financial sectors, and also for businesses that leverage digital operations to drive their activities. They will need to be familiar with the details of the legislation and able to advise accordingly so that their organizations or clients continue operating within the law once DORA becomes effective.
For more in-depth information regarding the implications of DORA, visit the full article on JDSupra.