DORA
What is the Digital Operation Resilience Act (DORA):
DORA is a comprehensive regulatory framework entered into force on 16 January 2023 and will apply as of 17 January 2025. It is enforced collectively by the European Banking Authority, European Securities and Markets Authority, and European Insurance and Occupational Pension Authority. It aims to ensure that the financial sector in Europe is able to stay resilient in the event of a severe operational disruption.
Who does DORA apply to:
It applies to all financial sector entities and ICT third-party providers who provide ICT services to financial entities and are identified as critical (CTPPs). According to the EBA website, the first designation of the CTPPs is expected to be announced in the second quarter of 2025.
Does Ansarada support a “critical or important function?”
No, Ansarada does not consider its services as supporting a “critical or important function.” Ansarada is not a long-term repository of data that covered entities are “dependent” on for: (a) its day-to-day operations, (b) providing its financial products and services to various private or public investors, (c) compliance with its requirements under the law or (d) any service where unavailability would cause systemic impact, adverse effects or endanger the financial stability of the covered entity to the degree considered under DORA. In all cases, covered entities (or their clients) upload copies of information already hosted in their internal systems for a limited duration and for the limited purpose of sharing information with third parties during the due diligence phase of an M&A transaction. Most processes last between 3 and 9 months, at which time the project is closed, and the materials and reporting can be easily exported and “fully migrated” to the covered entities internal systems or any number other file sharing providers, for which there are dozens “real alternatives” in the industry.