Helpful links

Popular Topics

DORA implementation and subjects

Published
Updated

Necessity to introduce DORA

DORA, or the Digital Operational Resilience Act, is Regulation (EU) 2022/2554 of the European Parliament and of the Council on digital operational resilience for the financial sector that entered into force on 17 January 2023.

The increased use of technology in the digitalisation process not only provides business opportunities for existing and new market participants, but also promotes a rise in risks. The framework aims to mitigate the risks associated with the digital transformation of the financial sector by setting common rules for all market participants. The rules apply to a wide range of financial institutions, including important ICT third-party service providers such as cloud service providers, telecommunication operators, software developers and other digital service providers.

Critical third-party service providers with cross-border reach and high concentration risk and systemic impact will be subject to centralised supervision at European level.

A practical guide is available for new and prospective financial market participants on preparing ICT documentation for supervisory purposes.

Scope

Standard

ICT risk

RTS 2024/1774

Incident classification

RTS 2024/1772

Incident reporting

RTS 2025/301, ITS 2025/302

Content of TPP agreements

RTS 2024/1773

Subcontracting

RTS 2025/532

TPP register

ITS 2024/2956

TLPT testing

RTS 2025/1190
  • credit institutions;
  • insurance corporations;
  • investment management companies;
  • investment firms;
  • insurance brokers which are large companies;
  • payment institutions;
  • electronic money institutions;
  • alternative investment fund managers (with exceptions);
  • crowdfunding platforms;
  • central securities depositories;
  • central counterparties;
  • data reporting service providers;
  • crowdfunding service providers;
  • account information service providers;
  • credit rating agencies;
  • securitisation repositories;
  • private pension funds (with exceptions);
  • crypto-asset service providers;
  • issuers of asset-referenced tokens;
  • ICT third-party service providers.

Three European Supervisory Authorities – the European Banking Authority, the European Securities Market Authority and the European Insurance and Occupational Pensions Authority – are compiling questions and answers to support consistent and effective application of the European Union regulation in the area of financial services. The database of questions and answers regarding DORA is available on the website of the European Insurance and Occupational Pensions Authority (see Joint Q&As - EIOPA) and can be navigated by selecting appropriate filters.

The questions published there are the ones that market participants have most often found confusing. If you cannot find an answer to your question via the resources of the European Supervisory Authorities or Latvijas Banka, you can e-mail it to dora@bank.lv or submit your question via the EIOPA's web resource Joint Q&As – EIOPA.

Question. How will the branches of financial entities registered in Latvia be supervised?
Answer. The competent authority ensuring the supervision of branches is the financial market supervisor of the Member State where the parent financial entity is established.

Question. Do we understand correctly that, with DORA becoming applicable, we will no longer have to report incidents to the European Central Bank but will instead report them to Latvijas Banka?
Answer. Financial entities that previously reported major incidents to the European Central Bank will now report them to Latvijas Banka.

Question. Is it true that non-bank lenders (instant loans) fall outside the scope of both DORA and NIS2 (National Cyber Security Law)?
Answer. Non-bank lenders are licensed and supervised by the Consumer Rights Protection Centre. In order to find out the status with regard to the requirements of the National Cyber Security Law, one can use the interactive tool NKDL tests.

How valuable was this information for you?
Not valuable Very valuable
How can we improve your experience in our site

This page is protected by Google’s reCAPTCHA and visitors are subject to Google Terms of Service and Google Privacy Policy