{"id":530368,"date":"2024-10-30T09:00:00","date_gmt":"2024-10-30T13:00:00","guid":{"rendered":"https:\/\/www.commvault.com\/?p=530368"},"modified":"2024-10-30T14:16:11","modified_gmt":"2024-10-30T18:16:11","slug":"exploring-dora-understanding-the-global-regulatory-landscape","status":"publish","type":"post","link":"https:\/\/www.commvault.com\/blogs\/exploring-dora-understanding-the-global-regulatory-landscape","title":{"rendered":"Exploring DORA: Understanding the Global Regulatory Landscape"},"content":{"rendered":"\n
In an increasingly interconnected world, the importance of robust regulatory frameworks to increase the stability and security of financial systems cannot be overstated. The European Union\u2019s Digital Operational Resilience Act (DORA) is a significant regulatory development aimed at enhancing the operational resilience of financial entities. This blog explores how DORA compares to other major regulations globally, highlighting its unique features and the broader implications for the financial industry.<\/p>\n\n\n\n
Understanding DORA<\/h4>\n\n\n\n
The European Commission introduced DORA as part of the Digital Finance Package in September 2020. Its primary objective is to enhance the ability of financial institutions to withstand, respond to, and recover from all types of ICT-related disruptions and threats. DORA applies to a wide range of financial entities, including banks, insurance companies, investment firms, and third-party ICT service providers.<\/p>\n\n\n\n
Key components of DORA include:<\/h5>\n\n\n\n\n
ICT risk management<\/strong>: Financial entities must implement comprehensive ICT risk management frameworks to identify, assess, and mitigate risks.<\/li>\n\n\n\n
Incident reporting<\/strong>: Mandatory reporting of significant ICT-related incidents to competent authorities.<\/li>\n\n\n\n
Digital operational resilience testing<\/strong>: Regular testing of ICT systems to enable resilience against disruptions.<\/li>\n\n\n\n
Third-party risk management<\/strong>: Enhanced oversight of third-party ICT service providers to hold them to resilience standards.<\/li>\n\n\n\n
Information sharing<\/strong>: Encouragement of information sharing among financial entities to improve collective resilience.<\/li>\n<\/ol>\n\n\n\n
Comparing DORA to Other Regulations and Industry Best Practices<\/h4>\n\n\n\n
1.\u00a0NIST Cybersecurity Framework (United States)<\/h5>\n\n\n\n
The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a voluntary framework that provides guidelines for managing and reducing cybersecurity risks. While not a regulatory requirement, it is widely adopted by U.S. financial institutions.<\/p>\n\n\n\n
\n
Scope:<\/strong>\u00a0Unlike DORA, which is mandatory for EU financial entities, the NIST framework is voluntary and can be applied to any industry.<\/li>\n\n\n\n
Focus:<\/strong>\u00a0Both frameworks address broad cybersecurity risk management practices, but DORA places significantly more emphasis on operational resilience.<\/li>\n\n\n\n
Incident reporting:<\/strong>\u00a0DORA mandates incident reporting, while NIST encourages it but does not require it.<\/li>\n<\/ul>\n\n\n\n
2.\u00a0GDPR (European Union)<\/h5>\n\n\n\n
The General Data Protection Regulation (GDPR) is another significant EU regulation, primarily focused on data protection and privacy.<\/p>\n\n\n\n
\n
Scope:<\/strong>\u00a0GDPR applies to all organizations processing personal data of EU citizens, while DORA is specific to financial entities.<\/li>\n\n\n\n
Focus:<\/strong>\u00a0GDPR emphasizes data protection and privacy, whereas DORA focuses on operational resilience and ICT risk management.<\/li>\n\n\n\n
Incident reporting:<\/strong>\u00a0Both regulations require incident reporting, but GDPR focuses on personal data breaches, while DORA covers a broader range of ICT incidents.<\/li>\n<\/ul>\n\n\n\n
3.\u00a0Basel III (Global)<\/h5>\n\n\n\n
Basel III is a set of international regulatory standards developed by the Basel Committee on Banking Supervision to strengthen regulation, supervision, and risk management within the banking sector. The EU is implementing the Basel III framework beginning January 1, 2025, while implementation in the United States and the United Kingdom is likely to be delayed.<\/p>\n\n\n\n
\n
Scope:<\/strong>\u00a0Basel III is specific to internationally active banks, while DORA applies to a wider range of financial entities.<\/li>\n\n\n\n
Focus:<\/strong>\u00a0Basel III focuses on capital adequacy, stress testing, and market liquidity risk, whereas DORA focuses on ICT risk management. Both address operational resilience.<\/li>\n\n\n\n
Incident reporting:<\/strong>\u00a0Basel III does not specifically mandate ICT incident reporting, unlike DORA.<\/li>\n<\/ul>\n\n\n\n
4.\u00a0FCA Operational Resilience Framework (United Kingdom)<\/h5>\n\n\n\n
The Financial Conduct Authority (FCA) in the UK has its own operational resilience framework, which shares similarities with DORA.<\/p>\n\n\n\n
\n
Scope:<\/strong>\u00a0Both frameworks apply to financial entities, but the FCA framework is specific to the UK.<\/li>\n\n\n\n
Focus:<\/strong>\u00a0Both frameworks emphasize operational resilience, but DORA has a broader scope, including third-party risk management and information sharing.<\/li>\n\n\n\n
Incident reporting:<\/strong>\u00a0Both frameworks require incident reporting, but DORA has more detailed requirements.<\/li>\n<\/ul>\n\n\n\n
Implications for the Financial Industry<\/h4>\n\n\n\n
The introduction of DORA represents a significant step toward enhancing the operational resilience of financial entities in the EU. By mandating comprehensive ICT risk management, regular resilience testing, and robust incident reporting, DORA aims to mitigate the impact of ICT-related disruptions on the financial system.<\/p>\n\n\n\n
For financial entities operating globally, compliance with multiple regulatory frameworks can be challenging. However, the principles of DORA align with many existing regulations and industry best practices, such as the NIST Cybersecurity Framework and the FCA Operational Resilience Framework. This alignment can facilitate a more integrated approach to managing ICT risks and operational resilience. As long as the main capabilities required by DORA are addressed, financial entities remain free to use ICT risk management models that are framed or categorized differently.<\/p>\n\n\n\n
Conclusion<\/h4>\n\n\n\n
DORA sets a high standard for operational resilience in the financial sector, with its comprehensive approach to ICT risk management, incident reporting, and third-party oversight. While it shares similarities with other regulations, its mandatory nature and broad scope make it a unique and influential regulatory framework. As the global regulatory landscape continues to evolve, financial entities must stay informed and adapt to maintain compliance and resilience in an increasingly digital world.<\/p>\n","protected":false},"excerpt":{"rendered":"
Learn how DORA compares to other regulations.<\/p>\n","protected":false}}