The FSMA launched an Awareness Survey concerning DORA, which became effective on 16 January 2023. The regulatory obligations imposed by DORA will be applicable from 17 January 2025. DORA aims to establish uniform requirements regarding the security of networks and information systems supporting the operational processes of financial entities. Its primary objective is to enhance the management of ICT risks, thereby increasing resilience against cyber threats. The regulation harmonizes various ICT-related requirements.
The FSMA therefore initiated an Awareness Survey concerning DORA to allow both its services and entities under its supervision to better understand the current "maturity level" of these entities in this domain. DORA specifically applies to investment firms, fund managers, UCITS management companies, self-managed UCITS, pension institutions, insurance intermediaries (incidental or not), crowdfunding platforms, and trading platforms.
DORA entails requirements related to ICT risk management, notification of major ICT incidents and cyber threats, periodic testing of digital operational resilience, and measures to ensure sound ICT risk management in case of outsourcing to third parties. The regulation applies proportionality based on the entity’s size and the nature and complexity of its activities. Microenterprises are excluded from certain DORA provisions, and a simplified framework is developed for specific entities. For entities under FSMA control, this simplified framework applies to portfolio management and investment advisory companies (SGPCI) and pension institutions (IRP) meeting certain criteria.
The FSMA, through the survey, aims to raise awareness among entities under its supervision about the impact of DORA’s enforcement on critical themes. Additionally, the FSMA seeks to assess the current state of sectors under its supervision regarding DORA compliance. Responses to the survey involve a self-assessment without requiring additional explanations or documents at this stage.
To facilitate the survey process, the FSMA directs entities to use FiMiS. Users can log in using a valid certificate or their electronic ID card. Practical details are available in the FiMiS User Guide specific to the survey.