Cryptocurrency businesses within the European Union are now governed by the new Digital Operational Resilience Act (DORA) as of January 17. This regulation aims to enhance cybersecurity and resilience among virtual asset service providers (VASPs) in the region. DORA mandates financial entities in the EU to maintain a comprehensive register of their contractual arrangements with third-party IT service providers to ensure safe infrastructure and effective risk management.
DORA’s implementation broadens the scope of the EU’s Markets in Crypto-Assets Regulation (MiCA), focusing on enhancing resilience against potential disruptions from cyberattacks and IT failures, with an end goal of bolstering investor protection and market integrity.
Matt Sullivan, deputy general counsel at MoonPay, emphasized the significant impact of DORA on MiCA-licensed crypto firms. MoonPay, recently licensed under MiCA by the Dutch financial regulator, is actively ensuring compliance with DORA through internal policy, procedure adjustments, and thorough review of third-party vendor relationships.
Mark Jennings, head of Europe at the Gemini crypto exchange, noted DORA as pivotal in reinforcing the operational resilience of the financial sector against risks related to information and communications technology (ICT). To prepare for DORA, Gemini has implemented a strategic operational resilience framework, focusing on ICT risk management and governance.
Cathy Yoon from Wormhole Foundation highlighted that DORA’s impact extends beyond VASPs, affecting crypto asset issuers like Circle, the issuer of USD Coin (USDC). While many CASPs have already implemented strong cybersecurity measures, DORA poses challenges for smaller service providers with limited resources, potentially leading to a consolidation of providers to meet DORA’s stringent security standards.
Chris Denbigh-White, head of security at Elwood Technologies, remarked that DORA’s application underlines the importance of cybersecurity, third-party risk management, and incident response protocols. He noted a growing focus on operational resilience, with DORA expected to support investor protection and overall market stability.