Providers of digital products and services to the EU are being impacted by a suite of new cybersecurity regulations coming into force. Among them is the Digital Operations Resilience Act (DORA), and we've developed a checklist to help you manage key components on your journey to compliance.
What does DORA mean for software providers?
DORA is a European Union (EU) regulation designed to improve the cybersecurity of traditional financial institutions and non-traditional financial entities. DORA comes alongside a series of new regulations that have been adopted by the EU with the aim of improving cybersecurity.
The scope of DORA reaches into the supply chain supporting the financial industry in the EU. Organizations that had previously not been covered by financial regulations, such as third-party providers that supply financial entities with information and communications technology (ICT) systems and services, are included in the regulation. Noncompliant ICT providers can be penalized, with fines of up to 1% of the provider's annual turnover from the previous year.
Preparing for DORA
Financial institutions and the third-party ICT service providers that supply them must comply when enforcement starts in January of 2025. Sonatype addresses DORA's ICT risk management framework through comprehensive solutions for open source analysis, scanning software, and vulnerability assessments.
For an overview of steps to take towards DORA compliance, download our checklist.
