{"id":3934,"date":"2025-02-12T13:45:04","date_gmt":"2025-02-12T12:45:04","guid":{"rendered":"https:\/\/www.crccdlex.com\/?p=3934"},"modified":"2025-02-12T13:54:42","modified_gmt":"2025-02-12T12:54:42","slug":"cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation","status":"publish","type":"post","link":"https:\/\/www.crccdlex.com\/en\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\/","title":{"rendered":"Cybersecurity in the Financial Sector and Beyond: the DORA Regulation"},"content":{"rendered":"<h3>Introduction<\/h3>\n<p>The Firm assists financial entities in complying with the <b>DORA Regulation<\/b>, supporting them in analysing ICT risks, managing relationships with third-party suppliers, reviewing outsourcing contracts and adjusting their internal policies.<\/p>\n<h3>DORA Regulation (EU Reg. 2022\/2254)<\/h3>\n<p><img decoding=\"async\" class=\"lazyload  wp-image-3935 aligncenter\" src=\"https:\/\/www.crccdlex.com\/wp-content\/uploads\/Immagine-2025-02-12-134834-eng-300x132.png\" data-orig-src=\"https:\/\/www.crccdlex.com\/wp-content\/uploads\/Immagine-2025-02-12-134834-eng-300x132.png\" alt=\"\" width=\"677\" height=\"298\" srcset=\"data:image\/svg+xml,%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%27%20width%3D%27677%27%20height%3D%27298%27%20viewBox%3D%270%200%20677%20298%27%3E%3Crect%20width%3D%27677%27%20height%3D%27298%27%20fill-opacity%3D%220%22%2F%3E%3C%2Fsvg%3E\" data-srcset=\"https:\/\/www.crccdlex.com\/wp-content\/uploads\/Immagine-2025-02-12-134834-eng-200x88.png 200w, https:\/\/www.crccdlex.com\/wp-content\/uploads\/Immagine-2025-02-12-134834-eng-300x132.png 300w, https:\/\/www.crccdlex.com\/wp-content\/uploads\/Immagine-2025-02-12-134834-eng-400x175.png 400w, https:\/\/www.crccdlex.com\/wp-content\/uploads\/Immagine-2025-02-12-134834-eng-600x263.png 600w, https:\/\/www.crccdlex.com\/wp-content\/uploads\/Immagine-2025-02-12-134834-eng.png 661w\" data-sizes=\"auto\" data-orig-sizes=\"(max-width: 
677px) 100vw, 677px\" \/><\/p>\n<h3>Scope: not just financial entities<\/h3>\n<p>The Regulation does not apply exclusively to financial entities. Specific provisions also directly affect critical third-party ICT service providers, recognizing their central role in the technological supply chain.<\/p>\n<h3>Third-party ICT risk management: Key focus<\/h3>\n<ul>\n<li>One of the \u00abpillars\u00bb of the DORA Regulation is the set of rules aimed at managing <b>ICT risk arising from third parties<\/b>, i.e. external providers to whom financial entities outsource ICT services. These services include \u201c<i>digital and data services provided through ICT systems to one or more internal or external users on an ongoing basis, including Hardware as a Service and hardware services which includes the provision of technical support via software or firmware updates by the hardware provider, excluding traditional analogue telephone services<\/i>\u201d.<\/li>\n<li>Examples of ICT services include <b>software licensing<\/b>, <b>cloud services<\/b> (IaaS, PaaS, SaaS), <b>network infrastructure provision<\/b>, <b>Hardware as a Service<\/b>, and <b>technical support services<\/b>, including software and firmware updates provided by the hardware manufacturer.<\/li>\n<li>To mitigate risks associated with outsourcing, financial entities must adopt specific organizational and contractual measures with third-party ICT service providers.<\/li>\n<\/ul>\n<h3>Contracts for ICT services<\/h3>\n<ul>\n<li>Prior to the conclusion of any contract with ICT third-party service providers, a mandatory <b>pre-contractual analysis<\/b> must be carried out, including a specific <b>due diligence<\/b> on the provider\u2019s <b>qualifications<\/b> and <b>capabilities<\/b>.<\/li>\n<li>Contracts with ICT third-party service providers must comply with the minimum requirements set by the DORA Regulation, distinguishing between <b>services supporting<\/b> critical 
or important functions and services not supporting such functions.<\/li>\n<\/ul>\n<p>These requirements also affect how providers handle <b>personal data<\/b>.<\/p>\n<h3>How to proceed?<\/h3>\n<ul>\n<li><b>Existing outsourcing contracts<\/b> for ICT services must be <b>renegotiated<\/b> by financial entities to ensure compliance with the DORA Regulation.<\/li>\n<li><b>New outsourcing contracts<\/b> must be drafted and negotiated in accordance with the <b>new legislative requirements<\/b>.<\/li>\n<\/ul>\n<p>In both cases, it is advisable for financial entities to develop a <b>standardized contractual model<\/b>, which can be customized as needed for each provider, ensuring compliance with the DORA Regulation.<\/p>\n<p>Flash news by IP-IT &amp; Privacy Team:<\/p>\n<p><a href=\"https:\/\/www.crccdlex.com\/en\/our-professionals\/alessandra-feller\/\">Alessandra Feller<\/a> \u2013 alessandra.feller@crccdlex.com<\/p>\n<p><a href=\"https:\/\/www.crccdlex.com\/en\/our-professionals\/giulia-iozzia\/\">Giulia Iozzia<\/a> \u2013 giulia.iozzia@crccdlex.com<\/p>\n<p><a href=\"https:\/\/www.crccdlex.com\/en\/our-professionals\/ginevra-lombardi\/\">Ginevra Lombardi<\/a> \u2013 ginevra.lombardi@crccdlex.com<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Introduction The Firm assists financial entities in complying with the  [&#8230;]<\/p>\n","protected":false},"author":3,"featured_media":122,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[77],"tags":[],"crccd-news":[],"class_list":["post-3934","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dot-flash-news"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cybersecurity in the Financial Sector and Beyond: the DORA Regulation - Cappelli Riolo 
Calderaro Crisostomo Del Din &amp; Partners<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.crccdlex.com\/en\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybersecurity in the Financial Sector and Beyond: the DORA Regulation - Cappelli Riolo Calderaro Crisostomo Del Din &amp; Partners\" \/>\n<meta property=\"og:description\" content=\"Introduction The Firm assists financial entities in complying with the [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.crccdlex.com\/en\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\/\" \/>\n<meta property=\"og:site_name\" content=\"Cappelli Riolo Calderaro Crisostomo Del Din &amp; Partners\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-12T12:45:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-12T12:54:42+00:00\" \/>\n<meta name=\"author\" content=\"Francesca Bellecci\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Francesca Bellecci\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/\"},\"author\":{\"name\":\"Francesca Bellecci\",\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/#\\\/schema\\\/person\\\/20504d1fbd7230310fc3268370ee6ef2\"},\"headline\":\"Cybersecurity in the Financial Sector and Beyond: the DORA Regulation\",\"datePublished\":\"2025-02-12T12:45:04+00:00\",\"dateModified\":\"2025-02-12T12:54:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/\"},\"wordCount\":391,\"image\":{\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.crccdlex.com\\\/wp-content\\\/uploads\\\/CRCCD-NEWS-Insights.svg\",\"articleSection\":[\"Dot Flash News\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/\",\"url\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/\",\"name\":\"Cybersecurity in the Financial Sector and Beyond: the DORA Regulation - Cappelli Riolo Calderaro Crisostomo Del Din &amp; 
Partners\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.crccdlex.com\\\/wp-content\\\/uploads\\\/CRCCD-NEWS-Insights.svg\",\"datePublished\":\"2025-02-12T12:45:04+00:00\",\"dateModified\":\"2025-02-12T12:54:42+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/#\\\/schema\\\/person\\\/20504d1fbd7230310fc3268370ee6ef2\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.crccdlex.com\\\/wp-content\\\/uploads\\\/CRCCD-NEWS-Insights.svg\",\"contentUrl\":\"https:\\\/\\\/www.crccdlex.com\\\/wp-content\\\/uploads\\\/CRCCD-NEWS-Insights.svg\",\"width\":512,\"height\":512},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/cybersecurity-in-the-financial-sector-and-beyond-the-dora-regulation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity in the Financial Sector and Beyond: the DORA 
Regulation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/\",\"name\":\"Cappelli Riolo Calderaro Crisostomo Del Din &amp; Partners\",\"description\":\"una boutique del diritto d\u2019impresa\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/#\\\/schema\\\/person\\\/20504d1fbd7230310fc3268370ee6ef2\",\"name\":\"Francesca Bellecci\",\"url\":\"https:\\\/\\\/www.crccdlex.com\\\/en\\\/author\\\/francesca-bellecci\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/posts\/3934","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/comments?post=3934"}],"version-history":[{"count":3,"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/posts\/3934\/revisions"}],"predecessor-version":[{"id":3940,"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/posts\/3934\/revisions\/3940"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/media\/122"}],"wp:attachment":[{"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/media?parent=3934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/categories?post=3934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/tags?post=3934"},{"taxonomy":"crccd-news","embeddable":true,"href":"https:\/\/www.crccdlex.com\/en\/wp-json\/wp\/v2\/crccd-news?post=3934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}