Digital Operational Resilience Act (DORA), Regulatory Oversight, Regulatory Requirements

EBA Proposes Extending Outsourcing Requirements to All Third-Party Arrangements

Morgan Lewis - Tech & Sourcing on 8/29/2025

The European Banking Authority (EBA) recently published a consultation paper (Consultation) that proposes to expand third-party risk management requirements for certain EU-regulated financial entities. The Consultation would...more

ESAs Publish Guide on Oversight of Critical ICT Third-Party Service Providers under DORA

Katten Muchin Rosenman LLP on 8/20/2025

The European Supervisory Authorities (ESAs) recently published a comprehensive guide (Guide) on the oversight of critical information and communications technology (ICT) third-party service providers (CTPPs) under the EU...more

UK FCA findings on multi-firm review of data quality control frameworks in benchmarks sector

A&O Shearman on 8/12/2025

The UK Financial Conduct Authority (FCA) has published a new webpage summarising the findings of its multi-firm review into how benchmark administrators (BMA) manage data-related risks. While the FCA found some firms to...more

ECB publishes final guide on outsourcing cloud services

A&O Shearman on 8/4/2025

The European Central Bank (ECB) has published its final guide on outsourcing cloud services, following from a July 2024 consultation. Feedback on the consultation is set out in an accompanying feedback statement. The guide...more

DORA for Tech Vendors - What You Should Know (But Haven’t Asked)

Barnea Jaffa Lande & Co. on 6/5/2025

DORA (Digital Operational Resilience Act) is an EU regulation that sets rules for how financial entities manage ICT (Information and Communication Technology) risks. It covers areas like cyber resilience, incident reporting,...more

Corrigendum to Commission Delegated Regulation on RTS on risk management tools under DORA published in OJ

A&O Shearman on 5/22/2025

A corrigendum to Commission Delegated Regulation (EU) 2024/1774, which supplements the Regulation on digital operational resilience for the financial sector (DORA), was published in the Official Journal of the European Union...more

FSB publishes finalised format for FIRE framework

A&O Shearman on 4/24/2025

The Financial Stability Board (FSB) has published its finalised Format for Incident Reporting Exchange (FIRE), together with a press release and updated webpage. FIRE provides a standardised format for financial institutions...more

RTS on criteria for the composition of joint examination teams under EU DORA published in OJ

A&O Shearman on 4/2/2025

Commission Delegated Regulation 2025/420 has been published in the Official Journal of the EU. This Delegated Regulation supplements Regulation 2022/2554 on digital operational resilience for the financial sector (DORA)...more

Navigating DORA Compliance: Recent Developments

Katten Muchin Rosenman LLP on 3/20/2025

The EU Digital Operational Resilience Act (DORA) took effect on 17 January 2025 after a two-year implementation period. DORA sets out new requirements for financial entities (FEs) and their information technology and...more

ESMA guidelines on reverse solicitation under MiCAR

A&O Shearman on 3/10/2025

The European Securities and Markets Authority (ESMA) has published official translations of its guidelines on situations in which a third-country firm is deemed to solicit clients established or situated in the EU and...more

ESAs roadmap for designation of critical ICT third-party service providers under DORA

A&O Shearman on 3/4/2025

The European Supervisory Authorities (ESAs) have published a roadmap for the designation of critical ICT third-party service providers (CTPPs) under the EU Digital Operational Resilience Act (DORA). The roadmap of key dates...more

Digital Operational Resilience Act (DORA) › Regulatory Oversight › Regulatory Requirements

"My best business intelligence, in one easy email…"