2 posts tagged with "DORA"

NIS2 (Network and Information Security Directive 2) became applicable across EU member states in October 2024. It significantly expands the scope of its predecessor: where NIS1 covered a relatively narrow set of critical infrastructure operators, NIS2 covers essential entities and important entities across 18 sectors including energy, transport, banking, financial market infrastructure, health, drinking water, digital infrastructure, ICT service management, public administration, and space.

If your organization operates in any of these sectors in the EU and uses AI agents, NIS2 requirements apply to those AI systems as part of your overall cybersecurity obligations.

DORA — the Digital Operational Resilience Act — became applicable on January 17, 2025. It applies to EU financial entities (banks, investment firms, insurance companies, payment institutions, crypto-asset service providers) and their critical ICT third-party service providers.

If you're an AI vendor providing services to EU financial institutions, or an EU financial institution running your own AI agents, DORA's ICT risk management framework applies to those AI systems.