The Swedish Financial Supervisory Authority (Finansinspektionen) will carry out an in-depth analysis of digital operational resilience across a selection of supervised Swedish financial firms by examining how they have implemented the EU Digital Operational Resilience Act (DORA). The work is framed as a 2025 supervisory priority, reflecting heightened expectations for firms’ ability to withstand technical disruptions and ensure security and recovery in their network and information technology systems. DORA has applied since 17 January 2025 and raises requirements on, among other things, managing information and communication technology (ICT) risks, reporting ICT-related incidents, testing digital operational resilience, and managing ICT third-party risk. The analysis will run in three stages during 2025 through three separate questionnaires and will cover 50 firms, including banks, insurance companies, payment institutions and trading platforms.
Finansinspektionen 2025-06-02
Swedish Financial Supervisory Authority launches in-depth review of DORA implementation and digital operational resilience at 50 firms
The Swedish Financial Supervisory Authority (Finansinspektionen) will analyze digital operational resilience among 50 Swedish financial firms, focusing on their implementation of the EU Digital Operational Resilience Act (DORA). This 2025 priority aims to assess firms' capabilities in managing ICT risks, incident reporting, resilience testing, and third-party risk management. The analysis will proceed in three stages throughout 2025 using separate questionnaires.