Norway's Ministry of Finance has issued regulations implementing the new Digital Operational Resilience Act for the financial sector (DORA Act), aligning the supplementary technical rules with the Act’s entry into force on 1 July. The regulation follows a draft prepared by the Financial Supervisory Authority of Norway (Finanstilsynet) that was consulted on until 30 May, and is intended to ensure the required technical provisions are in place at the same time as the DORA Act takes effect. Finanstilsynet must submit by mid-October its assessment of whether additional regulations are needed, including consideration of Norges Bank’s proposal to regulate the division of responsibilities between Norwegian authorities for threat-led penetration testing (TLPT). The Ministry noted that Norges Bank and Finanstilsynet already cooperate on such testing under the TIBER-NO framework and expects ongoing tests to continue as planned.
Department of Finance (Norway) 2025-06-24
Norway's Ministry of Finance adopts implementing rules for the DORA digital operational resilience regime effective 1 July
Norway's Ministry of Finance has issued regulations to implement the Digital Operational Resilience Act (DORA Act) for the financial sector, effective 1 July. Based on a draft by the Financial Supervisory Authority of Norway, these regulations ensure technical provisions align with the Act's commencement. Finanstilsynet will assess by mid-October if further regulations are needed, considering Norges Bank's proposal on responsibility division for threat-led penetration testing.