DORA-EU-REGULATION-DETAIL
DORA EU Regulation detail compliance regulation modern detailed.
Définition
DORA (Digital Operational Resilience Act) detail couvre les details techniques + scope + obligations de l'EU Regulation 2022/2554 publie 27 decembre 2022 (entry into force 16 janvier 2023, application 17 janvier 2025) qui harmonise les operational resilience requirements financial services entities EU + leur Critical Third-Party Providers (CTPPs incl cloud providers AWS + Azure + GCP + multiple SaaS), comprend ICT risk management + incident reporting + digital operational resilience testing + ICT third-party risk + information sharing. Detail technique + scope d'application + obligations conformite + sanctions non-conformite + processus reporting + impact entreprises in-scope + alignement avec regulations adjacentes nationales + internationales + governance + supervisory authorities + timeline implementation + transitions + jurisprudence + best practices documentation industry adoption.
Origine
EU Regulation 2022/2554 DORA published 27 decembre 2022 ; entry into force 16 janvier 2023 ; application 17 janvier 2025 ; ESAs + ENISA + national competent authorities supervisory.
Exemple en contexte
European bank BNP Paribas implements DORA compliance program 2024-2025 : (1) ICT Risk Management Framework documented + Board-approved, (2) Major incident classification + reporting procedures (e.g., ransomware affecting trading systems triggers 4-hour initial notification + 72-hour intermediate report + final report ECB+ACPR), (3) Threat-Led Penetration Testing TLPT every 3 years on critical systems, (4) ICT third-party risk register all material outsourcing arrangements (cloud + SaaS providers monitored).
Termes liés
- DORA Regulation — summary version.