Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act (DORA) emerges as a pivotal regulatory framework established by the European Union to bolster the operational resilience of digital service providers, with a particular emphasis on the financial sector. Encompassing a broad spectrum of mandates, DORA seeks to mitigate risks inherent in the digital landscape, ensuring the continuity and security of critical services. Within the purview of DORA compliance, Ver.iD operates as a pivotal ally for entities using decentralized identities for Know Your Customer (KYC) or Know Your Business (KYB) procedures. It is therefore essential to recognize that our (critical) services implicate DORA compliance obligations on our end.
Roadmap
| Phase | Date | Description |
|---|---|---|
| Assessment Phase | Q2 2024 | Determine the need for DORA compliance |
| Discovery Phase | Q2 2024 | Map out existing processes, policies and security measures. |
| Planning Phase | Q3 2024 | Develop a comprehensive project plan outlining tasks, timelines, resources, and budgets. |
| Gap Analysis | Q3 2024 | Conduct a gap analysis by comparing DORA requirements with current state |
| Start of Implementation | Q4 2024 | Implementation of identified gaps and compliance to DORA requirements |
| DORA deadline | Jan 17th 2025 | DORA is enforced and organizations are required to comply from that date onward. |
| Monitor | Ongoing | Ongoing efforts to uphold regulatory requirements with respect to the DORA. |
Status
We have met the January 17th, 2025 enforcement deadline and are now in the monitoring phase, with ongoing efforts to maintain compliance and adapt to evolving expectations under DORA. Systems, processes, and controls are in place, and internal reviews are conducted periodically to ensure continued alignment.