Application of DORA has started – FIN-FSA to focus on the management of ICT risks and cyber-threats in its supervision

23.1.2025 13:00:00 EET | Finanssivalvonta | Press release

The objective of DORA (Digital Operational Resilience Act) is to improve consumers’ data security and the continuity of services. It brings about significant reforms in the operational resilience of the financial sector and covers almost all entities supervised by the FIN-FSA.

The Regulation of the European Parliament on digital operational resilience for the financial sector entered into force on 17 January 2023 and applies from 17 January 2025. DORA (Digital Operational Reliability Act) applies extensively to financial market participants in the EU, such as banks, insurance companies, investment firms and ICT companies providing services to them. In its supervision, the FIN-FSA will focus on the management of supervised entities’ ICT and information security risks, the ICT incident reporting process and the supervision of ICT providers’ risk management.

– DORA introduces uniform and transparent rules for the financial sector which are necessary to ensure that institutions in the sector can effectively identify, address and prevent various digital threats. In the current global situation, these threats are very real, states Samu Kurri, Head of Department.

All entities within the scope of application of the Regulation will have a new requirement to report annual costs caused by ICT-related incidents. The Regulation also enables the voluntary exchange of information on cyber threats between supervised entities and the reporting of cyber threats to the supervisory authority. Furthermore, supervised entities are obliged to submit a register of ICT contracts to the FIN-FSA on an annual basis.

The FIN-FSA has obliged the most significant supervised entities to perform threat-led penetration tests at regular intervals.

– For instance significant banks, the stock exchange and the central securities depository are directly compelled by DORA to perform these threat-led data security tests. However, we have also obliged smaller banks and insurance-sector participants to engage in these tests in Finland. By doing so, we foster the achievement of cyber security in the financial sector on an extensive scale, says Kurri.

In Finland, DORA applies to over 400 supervised entities. There is no transitional period for the application of the Regulation, which means that the requirements must be complied with from 17 January 2025.

For further information, please contact

Samu Kurri, Head of Department. Requests for interviews are coordinated by FIN-FSA Communications, tel. +358 9 183 5030 (weekdays 9.00–16.00).

Keywords

press release fin-fsa financial sector digital operational resilience dora

Contacts

Media phone service number

can be contacted on weekdays 9–16, except on Holy Thursday and New Year’s Eve on 9–13.

Tel:+358 9 183 5030

Finanssivalvonta, or the Financial Supervisory Authority (FIN-FSA), is the authority for supervision of Finland’s financial and insurance sectors. The entities supervised by the authority include banks, insurance and pension companies as well as other companies operating in the insurance sector, investment firms, fund management companies and the Helsinki Stock Exchange. We foster financial stability and confidence in the financial markets and enhance protection for customers, investors and the insured.

Alternative languages

Subscribe to releases from Finanssivalvonta

Subscribe to all the latest releases from Finanssivalvonta by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Finanssivalvonta

Högsta förvaltningsdomstolen har meddelat sitt beslut med anledning av Ermitage Partners Oy:s besvär17.6.2026 14:30:00 EEST | Pressmeddelande

Högsta förvaltningsdomstolen har genom sitt beslut av den 17.6.2026 bifallit Ermitage Partners Oy:s yrkande om upphävande av Finansinspektionens beslut, som förbjöd Ermitage Partners Oy att tillhandahålla investeringstjänster utan tillstånd.

Korkein hallinto-oikeus antoi päätöksensä Ermitage Partners Oy:n valitukseen17.6.2026 14:30:00 EEST | Tiedote

Korkein hallinto-oikeus on 17.6.2026 antamallaan ratkaisulla hyväksynyt Ermitage Partners Oy:n vaatimuksen kumota Finanssivalvonnan päätös, jolla kiellettiin Ermitage Partners Oy:ltä sijoituspalvelujen tarjoaminen ilman toimilupaa.

Supreme Administrative Court issued its decision concerning appeal by Ermitage Partners Oy17.6.2026 14:30:00 EEST | Press release

The Supreme Administrative Court, by its decision of 17 June 2026, has approved Ermitage Partners Oy’s claim for a reversal of the decision of the Financial Supervisory Authority (FIN-FSA) prohibiting Ermitage Partners Oy from offering investment services without authorisation.

Finansinspektionen observerade brister i marknadsföringen av kryptotillgångstjänster och -produkter16.6.2026 11:10:00 EEST | Pressmeddelande

Finansinspektionen observerade i sin tematiska bedömning flera brister i marknadsföringen av kryptotillgångstjänster och -produkter samt i den information som ges innan ett avtal ingås. De största bristerna gällde informationen om risker, ett jämlikt och tydligt framställande av upplysningar samt lämnande av den förhandsinformation som förutsätts av konsumentskyddslagen.

Finanssivalvonta havaitsi puutteita kryptovarapalveluiden ja -tuotteiden markkinoinnissa16.6.2026 11:10:00 EEST | Tiedote

Finanssivalvonta havaitsi teema-arviossaan useita puutteita kryptovarapalveluiden ja -tuotteiden markkinoinnissa sekä ennen sopimuksen tekemistä niistä annettavissa tiedoissa. Merkittävimmät puutteet liittyivät riskeistä kertomiseen, tietojen tasapuoliseen ja selkeään esittämiseen sekä kuluttajansuojalain edellyttämien ennakkotietojen antamiseen.

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom