DORA and NIS 2

Skip to content
Skip to navigation

Services

Advisory

Through Grant Thornton Financial Advisory Services we support the ambitions of dynamic businesses and help them grow

Transactional advisory services
Find out more about the transactional advisory services of Grant Thornton Financial Advisory Services
Valuations
Find out more about the valuations services of Grant Thornton Financial Advisory Services
Mergers and acquisitions
Find out more about the merger and acquisition services of Grant Thornton Financial Advisory Services
Forensic and investigation services
Find out more about the forensic and investigation services of Grant Thornton Financial Advisory Services
Recovery & reorganisation
Find out more about the Recovery & reorganisation services of Grant Thornton Financial Advisory Services
Business risk services
Find out more about the business risk services of Grant Thornton Financial Advisory Services
Business consulting
Find out more about the business consulting services of Grant Thornton Financial Advisory Services
Capital market
Capital market

Tax & Legal

We assist businesses in developing tax-planning strategies to optimise the tax burden in compliance with the regulation in force

See Overview

Corporate and business tax
Find out more about our corporate and business tax services.
Direct international tax
Find out more about our direct international tax services.
Global mobility services
Find out more about our global mobility services.
Indirect international tax
Find out more about our indirect international tax services.
Transfer pricing
Find out more about our transfer pricing services.
Litigation
Our lawyers and accountants can manage all defense measures provided not only by the Italian law, but also by EU regulations and conventions
Family business
Find out more about our Family business services.
Legal
The client can be assisted in every need and with the same care both on important operations or disputes and on simple matters

Related insights:

Global mobility Managing mobility in the face of COVID-19

Across the globe, the spread of the novel coronavirus (Covid-19) is having a significant humanitarian impact and increasingly, an economic impact from stock markets to global supply chains

23 Mar 2020

Outsourcing

Through Grant Thornton Operations we help businesses focus on their core business and improve efficiency

See Overview

Back office outsourcing
Find out more about our Back office outsourcing services
Business process outsourcing
Find out more about our business process outsourcing services.
Compilation of financial statements
Find out more about our compilation of financial statements services.
Tax compliance
Find out more about our tax compliance services.
Electronic invoicing
Find out more about our electronic invoicing services
Electronic storage
Electronic storage is an archiving procedure that guarantees the legal validity of a digitally stored electronic document
Revaluation of corporate assets
Find out your civil and fiscal revaluation of tangible, intangible and financial assets

HR & Payroll

We can manage the entire HR process or individual aspects

See Overview

Human resources consulting
Find out more about our human resources consulting services.
Payroll
Find out more about our payroll services.
HR News
HR News the monthly information newsletter by Grant Thornton HR

Technology & Innovation

we can provide our clients with dedicated services aimed to increase the maturity and resilience of their businesses

See Overview

Cybersecurity
GT Digital helps clients structure information security management internal functions, also through partially or totally outsourced functions
Agile and Programme Management
GT Digital provides support in the adoption and implementation of different portfolio management
Robotic Process Automation
Our “BOT Farm” can rely on digital workers able to help clients in routine activities, allowing employees to deal with more added-value activities
Data strategy and management
GT Digital can support clients in seizing the opportunities offered by Big Data, from the definition of strategies to the implementation of systems
Enterprise Resource Planning
We support clients in selecting the most appropriate ERP System according to their specific needs, helping them also understand licensing models
IT strategy
GT Digital supports clients in making strategic choices, identifying innovation opportunities, comparing themselves with competitors
IT service management
We can support with software selection and with the implementation of dedicated tools for the management of ICT processes
DORA and NIS 2
The entry into force of the DORA Regulation and NIS2 represents a major step towards the creation of a harmonised regulatory framework

The entry into force of the Digital Operational Resilience Act (“DORA Regulation”) and of Directive (EU) 2022/2555 (“NIS2 Directive”) represents a major step towards the creation of a harmonised regulatory framework to face cybersecurity-related challenges in the financial industry and beyond.

DORA: Operational resilience in the financial industry

DORA requires financial entities to guarantee suitable safeguarding mechanisms in case of cyberattacks and to strengthen requirements for the prevention of ICT risks in the financial and insurance sectors, including critical third parties providing ICT services.

This regulation stresses the need to guarantee a digital operational resilience to face cybersecurity threats throughout the lifecycle of business activities.

The DORA regulation entered into force on 17 January 2023. The impacted entities have two years to prepare and implement it, therefore up to 17 January 2025.

The new Regulation will enhance the digital operational resilience of European entities in the financial industry, and will be based on five key pillars:

NIS2 Directive: Cybersecurity rules in Europe

The NIS2 Directive is aimed at improving the response of EU Member States to cyberattacks, strengthening the cooperation and exchange of information. Its scope of application is thus broader and includes a wide range of industries, not just those businesses operating in sectors of “high criticality”, such as energy, transport, finance, healthcare, but also those in other critical sectors such as digital providers, postal services, waste management and other essential services. The Directive introduces crucial measures for the management of cybersecurity-related risks and reporting obligations of significant incidents.

The NIS2 Directive entered into force on 17 January. EU Member State will have to issue the relevant national implementing regulation by 17 October 2024.

Art. 21 of NIS2 Directive contains the following recommendations with reference to the measures to manage cybersecurity risks:

Critical actions to get ready for the implementation

Faced with these new regulations, it is essential that organisations adopt a proactive approach to guarantee operational compliance and resilience. Here are some key actions:

Know your organisation: Understand all processes, services and critical assets is the first step for an effective management of cybersecurity.
Perform a gap analysis: Carry out an evaluation of the DORA and NIS2 gaps to identify areas for improvement and risks.
Compare gaps with the main recommendations: Compare the gaps identified with the main recommendations and best practices, focusing on the most critical areas.
Have a strategic investment plan: Focus on investments which bring an actual value added to the requirements laid down in the Regulation and Directive, thus guaranteeing a comprehensive management of cyber risks.

Conclusions

Getting ready for DORA and NIS2 is not just a regulatory requirement, but also an opportunity to improve operational resilience and protect businesses in an increasingly complex and interconnected digital world.