DORA, NIS2, and adversaries that know your value.

DORA

Digital Operational Resilience Act — mandatory from Jan 2025 for financial entities. ICT risk management, testing, incident reporting, third-party risk.

NIS2

Financial sector entities classified as essential — enhanced obligations for risk management, supply chain security, and incident notification.

PCI-DSS v4.0

Updated requirements for payment card data environments, with stricter authentication and monitoring obligations.

EBA Guidelines

European Banking Authority ICT risk management and outsourcing guidelines for credit institutions and investment firms.