The Digital Operational Resilience Act has come into force in the EU
Date: 2025-01-20 Author: Henry Casey Categories: IN WORLD
According to the new requirements, crypto companies licensed under MiCA are required to maintain a detailed register of all agreements with IT service providers. This will help ensure the resilience of the infrastructure and reduce the likelihood of risks. Companies must also implement systems for continuous monitoring of their technologies to promptly identify threats and vulnerabilities. For these purposes, it is permissible to involve third-party experts in the field of cybersecurity.
In addition, DORA obliges the heads of crypto companies to participate in the development of risk management strategies. They must ensure that there are up-to-date protocols for responding to cyberattacks or other security incidents.
Responsibility for compliance with the law lies not only with companies, but also with their managers. Violation of DORA regulations threatens fines of up to 2% of the company's annual income. In extreme cases, senior managers may face administrative or criminal penalties, including fines of up to $1 million.
Gemini Europe CEO Mark Jennings noted that the proactive approach laid out in DORA will strengthen the operational resilience of the EU cryptocurrency market. However, he stressed that compliance with these requirements may be a challenge for small and medium-sized companies due to the significant financial investment and qualified personnel required.
The European Banking Authority (EBA) has also previously published recommendations for payment service providers and crypto assets. These restrictions will come into force on December 30, 2025, complementing the DORA legislation.
