NIS2 and DORA: A Tale of Two Instruments

A TDL webinar: 16:00-17:00 CEST, 24 April 2024

Watch the full recording of the webinar here!

See moderator David Goodman’s presentation slides here

See presenter Stephen Purser’s presentation slides here

DORA and NIS2 are two EU legislative instruments that are different but in many ways similar.

  • The Digital Operational Resilience Act (DORA) is an EU regulation that entered into force on 16 January 2023 and will apply as of 17 January 2025. DORA solves an important problem in the EU financial sector through a binding, comprehensive ICT risk management framework that addresses the main categories of operational risk, resilience, reliability, availability and integrity of financial services.
  • The updated Network and Information System 2 (NIS2) Directive, which came into force in 2023, modernised the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape.

Whereas NIS2 serves to broadly harmonise cybersecurity in the EU, DORA’s purpose is to protect the financial sector.

During this webinar, presented by Steve Purser and moderated by David Goodman, participants were given an understanding of how we got to this point in terms of EU policy/regulatory trends and an explanation of the core similarities and differences between the two instruments. We looked into the role of the board as specified in each regulation and the need to exploit synergies and ensure cost optimisation, new elements, planning considerations and penalties. Finally, we delved into the impact of NIS2 on supply chain security and contrasted it with third party supplier controls as specified by DORA.

The webinar provided valuable insights for companies, cybersecurity experts and individuals seeking to understand the ramifications of these two pieces of legislation and the preparations that should be undertaken over the coming two to three years.