DORA aims to improve the digital operational resilience of financial entities in the EU and their ICT suppliers and create a uniform regulatory framework across the EU, in order to reduce the susceptibility to cyber threats across the entire value chain of the financial sector.
Article 2 defines financial entities as:
The regulation explicitly does not apply to:
Article 4 defines the proportionality principle, resulting in some exceptions for smaller enterprises which fall within the scope of the regulation despite their size.
An example of this is the simplified ICT risk management framework under Article 16, in combination with a regulatory technical standard (RTS).
The regulation comprises 64 articles divided into 9 chapters:
In addition, the European Supervisory Authorities develop regulatory and implementing technical standards (RTS and ITS), which, being published in the Official Journal of the European Union, also become legally binding:
DORA will have an impact on pension schemes.
Pension schemes having more than 15 but fewer than 100 members will be subject to a simplified ICT risk management framework.