{"id":19261,"date":"2025-12-19T14:54:37","date_gmt":"2025-12-19T14:54:37","guid":{"rendered":"https:\/\/belzuz.com\/?post_type=publicacion&p=19261"},"modified":"2025-12-22T15:15:03","modified_gmt":"2025-12-22T15:15:03","slug":"the-launch-of-the-dora-regulation-and-its-importance-for-safeguarding-financial-system-operations","status":"publish","type":"publicacion","link":"https:\/\/belzuz.com\/en\/publicacion\/the-launch-of-the-dora-regulation-and-its-importance-for-safeguarding-financial-system-operations\/","title":{"rendered":"The Launch of the DORA Regulation and Its Importance for Safeguarding Financial System Operations"},"content":{"rendered":"

At Belzuz Abogados, S.L.P.<\/a>, as specialists in Insurance Law<\/a>, we highlight the significance of the EU\u2019s Operational Resilience Regulation\u2014better known as DORA<\/strong>\u2014which entered its application phase on 17 January 2025<\/strong>. Although DORA has been in force since 16 January 2023, the European Union established a two\u2011year transition period to allow the financial industry to adapt before full implementation.<\/p>\n

DORA modifies several existing regulations\u2014(EC) No 1060\/2009, (EU) No 648\/2012, (EU) No 600\/2014, (EU) No 909\/2014, and (EU) 2016\/1011\u2014with the overarching goal of reinforcing the digital security of financial institutions, including banks, insurers, and investment service firms. The Regulation seeks to ensure that the European financial system can remain resilient in the face of significant ICT\u2011related disruptions<\/strong>, protecting institutions not only from cyberattacks but also from operational failures, and ultimately strengthening customer confidence in an increasingly digital marketplace.<\/p>\n

Given the sector\u2019s reliance on technology, reducing exposure to ICT\u2011related vulnerabilities has become essential. As noted by the European Systemic Risk Board in 2020, inadequate management of digital risks can trigger major service outages within financial institutions and potentially spill over into other industries.<\/p>\n

The Regulation covers a broad set of obligations, including ICT risk management<\/strong>, oversight of third\u2011party ICT providers, digital operational resilience testing, incident reporting, information\u2011sharing frameworks, and the supervision of critical external service providers. DORA also consolidates previously dispersed rules<\/strong> relating to operational resilience, eliminating inconsistencies and regulatory fragmentation at the EU level.<\/p>\n

The choice to adopt a Regulation\u2014rather than a directive\u2014is intentional. As highlighted in Recital 14, this legislative form reduces regulatory complexity, promotes supervisory convergence, increases legal certainty, and helps limit compliance costs, particularly for organisations operating across borders.<\/p>\n

The process leading up to DORA\u2019s application has not been without challenges. For instance, EIOPA withdrew two guidelines and announced amendments to an existing opinion in order to streamline the regulatory framework and avoid overlaps in the insurance and pension sectors.<\/p>\n

It is also important to note that DORA applies to all financial\u2011sector entities, each with their own characteristics. Significant efforts were made by ADECOSE and BIPAR to secure an exemption for micro, small, and medium\u2011sized insurance intermediaries<\/strong> that do not rely solely on automated sales tools. These organisations argued that intermediaries could not realistically comply with the same administrative and technical obligations imposed on insurers. As a result, in November 2021, the European Parliament\u2019s Committee on Economic and Monetary Affairs agreed to exempt intermediaries with fewer than 250 employees\u2014an exemption reflected in Recital 43 of DORA\u2014which reportedly eliminates up to 120 administrative requirements<\/strong> for these entities.<\/p>\n

Regarding insurance companies, an ICEA study published in September 2024 revealed that only 1.2%<\/strong> of Spanish insurers considered themselves fully compliant with DORA, while half estimated they were between 50% and 75%<\/strong> of the way through their adaptation process. The main challenges identified include tight implementation deadlines, limited availability of specialised staff, and the need for additional training. Many insurers have been forced to increase budgets, reorganise internal structures, introduce new functions, and hire specialised professionals.<\/strong><\/p>\n

Regulators have also had to prepare for DORA\u2019s entry into application. For example, Spain\u2019s DGSFP created a new division responsible for technological supervision and digital innovation<\/strong>, underwent a security audit under the National Security Scheme, and established a platform to facilitate the reporting of cyber incidents. It also enabled voluntary DORA readiness tests.<\/p>\n

To assist market participants, the DGSFP has compiled all relevant DORA materials on its website, including the Regulation itself, related EIOPA publications, secondary legislation, protocols for notifying cyber incidents or threats, and procedures for submitting regulatory queries.<\/p>\n

Conclusion:<\/strong> As dependence on digital technologies continues to grow, the financial sector becomes more exposed to cyber risks and operational disruptions\u2014issues that can significantly undermine user and market confidence. A robust regulatory framework such as DORA is therefore essential to ensure that the benefits of ICT innovation can be fully leveraged while keeping associated risks under control.<\/p>\n

At the Insurance Law Department<\/a> of Belzuz Abogados, S.L.P.<\/a>, we remain at your disposal to analyse any issues related to civil liability and insurance with the highest level of professionalism, expertise, and efficiency.<\/p>\n","protected":false},"featured_media":18937,"template":"","categories":[],"area-de-practica":[],"publicaciones":[66],"idioma-publicacion":[71],"areas-practica-publicacciones":[],"class_list":["post-19261","publicacion","type-publicacion","status-publish","has-post-thumbnail","hentry","publicaciones-jose-garzon","idioma-publicacion-ingles"],"acf":[],"_links":{"self":[{"href":"https:\/\/belzuz.com\/en\/wp-json\/wp\/v2\/publicacion\/19261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/belzuz.com\/en\/wp-json\/wp\/v2\/publicacion"}],"about":[{"href":"https:\/\/belzuz.com\/en\/wp-json\/wp\/v2\/types\/publicacion"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/belzuz.com\/en\/wp-json\/wp\/v2\/media\/18937"}],"wp:attachment":[{"href":"https:\/\/belzuz.com\/en\/wp-json\/wp\/v2\/media?parent=19261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/belzuz.com\/en\/wp-json\/wp\/v2\/categories?post=19261"},{"taxonomy":"area-de-practica","embeddable":true,"href":"https:\/\/belzuz.com\/en\/wp-json\/wp\/v2\/area-de-practica?post=19261"},{"taxonomy":"publicaciones","embeddable":true,"href":"https:\/\/belzuz.com\/en\/wp-json\/wp\/v2\/publicaciones?post=19261"},{"taxonomy":"idioma-publicacion","embeddable":true,"href":"https:\/\/belzuz.com\/en\/wp-json\/wp\/v2\/idioma-publicacion?post=19261"},{"taxonomy":"areas-practica-publicacciones","embeddable":true,"href":"https:\/\/belzuz.com\/en\/wp-json\/wp\/v2\/areas-practica-publicacciones?post=19261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}