DIGITAL OPERATIONAL RESILIENCE ACT

The Digital Operational Resilience Act (DORA) is an EU regulation that entered into force on 16 January 2023 and will start applying on 17 January 2025.

DORA aims at strengthening the information and communication technology (ICT) security of financial entities to make sure that the financial sector in Europe is able to stay resilient in the event of a severe operational digital disruption. DORA brings harmonisation of the rules relating to digital operational resilience for the financial sector applying to 21 different types of financial entities, including securitisation repositories.

What does DORA mean for European DataWarehouse?

As a securitisation repository, European DataWarehouse is listed amongst the subject to the DORA requirements. Primarily this means that European DataWarehouse risk management framework needs to adhere to the standards set by DORA in the following areas:

  • ICT risk management;
  • Digital operational resilience testing;
  • ICT third-party risk management;
  • ICT-related incidents.

Is European DataWarehouse prepared to comply with DORA?

In March 2023 European DataWarehouse launched a plan to implement DORA. Throughout this journey, European DataWarehouse has adjusted its governance and risk management framework to meet the DORA requirements by 17 January 2025.

Amongst others, European DataWarehouse has adopted the following measures:

  1. Revision of governance structure, policies, procedures and IT systems processes;
  2. Adoption of necessary new policies and procedures;
  3. Review of existing contractual arrangements with ICT third-party service providers;
  4. Participation in the 2024 dry-run exercise on the reporting of registers of information;
  5. Organisation of an internal corporate awareness raising programme.

As a customer of European DataWarehouse, do I have to take any steps with regards to the contract in place with European DataWarehouse?

The steps to be taken depends on the type of services that you have engaged with European DataWarehouse. 

If you are a data owner or a data provider reporting securitisation transactions, as well as a data user accessing securitisation information, you do not need to take any action. European DataWarehouse, as a securitisation repository, will comply with the DORA requirements and will be directly supervised by ESMA in this matter.

If you are a data owner or data provider reporting other types of deals (e.g., covered bonds, pools of additional credit claims, portfolios of non-performing loans, etc.) the contract with European DataWarehouse will be affected. Please contact us at DORAcompliance@eurodw.eu 

If you have agreed with European DataWarehouse any customised services, please contact us at  DORAcompliance@eurodw.eu for further guidance.

For further information regarding European DataWarehouse’s compliance with DORA, including EDW policies, please contact us below

Request information