Fields of law

Digital Operational Resilience Act (DORA)

One of the elements of the EU legislative package on digital finance is the Digital Operational Resilience Act, the so-called DORA. The purpose of the Act is to update the regulatory environment in the area of financial technologies, standardize cybersecurity requirements and harmonize digital resilience processes and standards in the financial sector, FinTech and information and communication technology (ICT) providers operating in the EU. Due to the fact that DORA entered into force at the beginning of 2023, financial entities have time to implement the requirements arising from it by January 2025 at the latest.

The Raczyński Skalski & Partners Law Firm offers a number of services to support our clients in the process of preparation for DORA. Thanks to many years of experience in the field of financial law and dozens of projects carried out for various types of obligated institutions, we are guided primarily by ensuring that the solutions we develop remain fully compliant with the law, while being adapted to the area and scale of our clients’ operations.

Law Firm’s services:

The legal services provided by the Raczyński Skalski & Partners Law Firm in the DORA area are comprehensive and include in particular:

    1. Legal audit regarding compliance of internal procedures and ICT-related systems with DORA

      Our law firm conducts detailed audits of solutions used by obligated institutions, identifying risk areas, developing and adapting our clients’ internal procedures to current standards and regulatory guidelines. We provide recommendations on taking appropriate actions to maintain compliance with DORA, and we also implement, among others: personalized general procedures and internal policies.

    2. Preparation and reviewing civil law contracts

      We offer our clients comprehensive services in adapting concluded contracts to DORA requirements, as well as preparing and negotiating contracts (including cooperation contracts, contracts for the implementation of IT systems and outsourcing contracts) ensuring compliance with the requirements of the Regulation.

    3. Workshops preparing for the implementation of DORA by financial market entities

      The law firm offers high-quality training for designated persons responsible for the security of ICT systems, tailored to the unique needs of each interested entity. The knowledge obtained during the workshops will enable customers to thoroughly verify the compliance of the solutions they use with DORA regulations and identify possible areas of non-compliance.

    4. Support in completing all reports and reporting information

      Maintaining a register of information by obligated entities will play a key role in managing third-party ICT risk and – among others – will be used by the relevant supervisory authorities in the context of assessing financial entities’ compliance with DORA. Our law firm offers full support in completing all reports and forms required by supervisory authorities, including the Polish Financial Supervision Authority.

    5. Representation before supervisory authorities and administrative courts

      Our experienced lawyers represent clients before supervisory authorities, such as the Polish Financial Supervision Authority or the GIFI, and administrative courts, ensuring effective defense of our clients’ interests, also when financial sanctions have been imposed or there is a risk of being imposed on the obligated entity or its managers.

    6. Ongoing advisory support

      The law firm provides its clients not only with comprehensive legal advice, but also with partnership in building lawful business structures tailored to the client’s individual operational context. By being continually committed to staying abreast of changes in regulations and technologies, we provide the entities we serve with guidance on implementing improvements to ensure continued compliance with DORA.

The Raczyński Skalski & Partners Law Firm provides its clients with support in developing an effective and individually tailored to the specificity of their business ICT-related risk management process, as well as the proper regulation of digital operational resilience, which will allow clients to increase the security of the services they provide as well as continuity of their business.