DORA: What rules does the new era of cybersecurity bring?


Regulations at the European Union level have been an important topic in recent years, not only for traditional financial institutions, but also for cryptocurrency and fintech companies.

We have been focusing intensively on the MiCA regulation in recent months and years. We have organised two panel discussions on this topic, attended by experts and politicians.

But MiCA is not the only one knocking on the door. The whole of the European financial world will welcome DORA, which focuses on protecting the financial sector from cyber threats.


What is DORA?

DORA is a new regulation that unifies digital security standards across the European Union for financial institutions and other entities supervised by financial regulators. It is part of a wider strategy, "Europe Fit for the Digital Age", which aims to adapt the European economy to the digital era while ensuring its security and resilience to technological risks.

The regulation introduces new rules on information and communication technology (ICT) risk management that will apply not only to banks and exchanges, but also to fintech and cryptocurrency companies. These companies face pressure not only for improved cybersecurity, but also for increased transparency and control by regulators.


DORA requirements

DORA provides a set of specific actions that financial institutions and other entities will need to comply with to withstand cyber-attacks and technological disruptions:

  1. ICT Risk Management
    European supervisors, in cooperation with IT experts, will develop binding technical standards (RTS) that set out clear procedures for managing risks related to information and communication technologies. These include the obligation to establish and maintain data protection systems, monitor cyber incidents and take measures to minimise their impact.

  2. ICT incident reporting
    Companies will be required to report ICT-related incidents in accordance with strict standards that will determine the severity of the incident and the obligation to report it to the relevant regulatory authorities. This will allow for rapid response and coordination in dealing with issues that could threaten financial stability.

  3. System resilience testing
    Entities will be required to conduct regular testing of the resilience of their systems to cyber threats. Testing methods include, for example, penetration tests that simulate hacking attacks to examine the level of security and identify weaknesses in systems.

  4. Third party risk management
    If a company uses third-party services, the same level of security that DORA requires of financial institutions will be applied to them. This includes a requirement that third parties that are deemed critical have a subsidiary in the EU. This requirement could create complications in the selection of service providers, particularly for cryptocurrency and fintech companies that often work with providers outside Europe.

  5. Oversight of third parties
    DORA ensures that oversight of critical third parties will be carried out by regulators who will have access to information about their security processes and system resilience. This will ensure a higher level of protection against potential risks.


Who will be most affected by DORA?

The implementation of DORA is likely to affect fintech and cryptocurrency companies the most, as they will have to invest heavily in improving cybersecurity and meeting new regulatory requirements. While traditional financial institutions such as banks or exchanges often already have robust security systems in place, smaller and rapidly growing cryptocurrency and fintech firms may face increased operational and security costs.

For example, cryptocurrency exchanges will need to develop detailed risk management plans and ensure that their systems are regularly tested and certified. This may impose on some entities not only a financial burden, but also the need to adapt to new rules in a short period of time, requiring complex changes to their business.


DORA as a step towards the future

The DORA Regulation is part of the European Union's wider efforts to ensure that its financial sector is ready to face the new challenges of the digital age. It is a key part of the digital transformation, which aims not only to protect financial institutions from technological risks, but also to strengthen confidence in the European financial market as a whole. For cryptocurrency companies, this means a new standard that will shape their future development and operations in the European area.


Probinex and DORA

The Probinex project has been working towards regulation since the beginning. Participants of the Probinex Event: 'Regulation as an Opportunity' were able to hear the whole vision of meeting the legislative requirements. The project is confident that a comprehensive regulatory framework will indeed bring opportunities, but only for those who are prepared, which we are doing our best to be.

Among other things, DORA requires rigorous ICT risk management and regular testing of system resilience, for example through penetration testing. Probinex is already preparing for these requirements by deploying technologies such as Fireblocks, which help ensure secure operations with digital assets.

This initiative is part of Probinex's wider strategy to focus on mass adoption of cryptocurrencies in line with regulatory requirements.

With its proactive approach to regulations, including DORA, Probinex positions itself as one of the leaders able to successfully combine the dynamics of the cryptocurrency world with the necessary digital resilience and transparency required by European regulations.