DORA Goes Live: EU's New Crypto Regulation Aims to Enhance Cybersecurity and Resilience

Cryptocurrency businesses within the European Union are now governed by the new Digital Operational Resilience Act (DORA) as of January 17.

The Digital Operational Resilience Act (DORA), a new cryptocurrency regulation within the European Union (EU), came into effect on 17 January. This regulation aims to enhance cybersecurity and resilience among virtual asset service providers (VASPs) in the region.

As part of DORA, financial entities in the EU are now required to maintain a comprehensive register of their contractual arrangements with third-party IT service providers. This measure is designed to ensure safe infrastructure and effective risk management throughout the crypto industry.

DORA’s implementation broadens the scope of the EU’s Markets in Crypto-Assets Regulation (MiCA), which is focused on enhancing resilience against potential disruptions from cyberattacks and IT failures. Ultimately, this aims to bolster investor protection and market integrity.

According to Matt Sullivan, deputy general counsel at MoonPay, DORA will have a significant impact on crypto firms licensed under MiCA. MoonPay, which was recently licensed by the Dutch financial regulator, is ensuring compliance with DORA by adjusting internal policy and procedures, and conducting a thorough review of third-party vendor relationships.

Mark Jennings, head of Europe at the Gemini crypto exchange, highlighted DORA’s importance in reinforcing the operational resilience of the financial sector against risks related to information and communications technology (ICT). In preparation for DORA, Gemini has implemented a strategic operational resilience framework, which includes a focus on ICT risk management and governance.

Cathy Yoon from Wormhole Foundation pointed out that the impact of DORA extends beyond VASPs, also affecting crypto asset issuers (CASPs) like Circle, the issuer of USD Coin (USDC). While many CASPs have already implemented strong cybersecurity measures, DORA may pose challenges for smaller service providers with limited resources. This could potentially lead to a consolidation of providers in the industry to meet DORA’s stringent security standards.

Finally, Chris Denbigh-White, head of security at Elwood Technologies, noted that the application of DORA underlines the importance of cybersecurity, third-party risk management and incident response protocols. He highlighted a growing focus on operational resilience, with DORA expected to support investor protection and overall market stability.