DORA AND 
AUTHENTICATION

Unlock DORA Compliance and Reinforce Operational Resilience with the MyID® Product Family - Your Key to a Secure Digital Transformation

The Digital Operational Resilience Act (DORA) is a proposed regulatory framework designed to ensure the operational resilience of digital systems and networks within the European Union's financial sector. Developed by the European Commission, DORA aims to manage and mitigate risks associated with ICT (information and communication) systems, promoting a safe digital marketplace. 

Currently in draft the act is likely to be implemented in January 2025.  

What are the authentication requirements?

The Digital Operational Resilience Act (DORA) outlines requirements for financial institutions and service providers to increase the operational resilience in the digital realm. While DORA doesn't explicitly provide specific authentication requirements, it establishes principles that indirectly refer to the implementation of strong access controls, which in turn implies rigorous authentication procedures. 

Some key areas related to authentication under DORA might include:  

  • Risk Management: Firms should have proper risk management processes in place. This would include managing risks associated with authentication, such as password theft or phishing attacks.
  • Operational Resilience: The ability of the system to absorb shocks, which would include ensuring that strong authentication is in place to prevent unauthorized access in the event of a cyber-attack.
  • Incident Reporting: Any breaches in authentication leading to unauthorized access must be promptly reported. 
  • Testing: Firms would need to test the robustness of their authentication systems in extreme but plausible scenarios. 
  • ICT Risk: Firms need to identify, classify, and mitigate risks associated to their Information and Communication Technology (ICT) systems, which would include risks associated with authentication. 
  • Outsourcing: If any authentication services are outsourced, measures need to be taken to ensure that these services meet the required standards.  

The European Commission is still working on regulatory technical standards detailing specific requirements under DORA, and these might provide additional clarity on authentication standards. Until then, firms should aim to follow best practices for strong authentication as part of their cybersecurity programme.   

What's Next?

DORA is expected to significantly reshape the ICT risk landscape for financial sector entities within the European Union. It aims to harmonise rules across all EU member states, promote a safer digital market, improve risk management, and mitigate the potential impact of ICT risks on financial stability. 

DORA presents an excellent opportunity for all organisations to enhance their cybersecurity and resilience. Intercede is distinctively positioned to help you fulfil the requirements of DORA, with tried-and-tested and compliant authentication and credential management solutions ranging from passwords to PKI.  

Want to know more?

If you are ready to book a demo, simply click the button below and we will arrange a demo

demo request

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede.  Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organizations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.