Security Legislation Changes (Week 2/25)
Welcome to the first weekly review of the year! No significant updates have occurred this week, but the DORA deadline is fast approaching.
Welcome to the first weekly review of the year! During the past week, there have been no significant changes to the regulations under monitoring. However, it is good to remember that the deadline for the DORA (Digital Operational Resilience Act) is approaching. Now is the final moment to ensure that all organizations falling within the scope of DORA take its requirements fully into account in their operations.
Regulations and Legislation Under Monitoring
- NIS2 Directive
- CER Directive
- DORA Regulation
- Cyber Resilience Act (CRA)
- AI Act
- General Product Safety Regulation (GPSR)
- Cyber Solidarity Act (CSA)
- Corporate Sustainability Reporting Directive (CSRD)
DORA Regulation
The EU Digital Operational Resilience Act (DORA) becomes binding on January 17, 2025, and its approaching deadline has prompted European Supervisory Authorities (ESAs) to issue several statements on DORA. They emphasize that the obligations are extensive and in many respects new, so full compliance can be challenging.
At the same time, it has been recognized that the ability of different sectors to meet DORA requirements varies: banks and insurers are often further ahead than alternative investment fund managers, for example. National supervisory practices also differ, so companies should prioritize “quick wins” and visible actions—such as updating board minutes, incident management plans, and modifying contracts with key providers—to ensure as smooth a transition to DORA requirements as possible before next week’s deadline.
Conclusion
Tekve Oy offers support in navigating and implementing regulatory requirements, so feel free to contact us. See you next week!