Compliance with NIS2, which entered into force in October 2024, has had significant impact on resource constraints and skills gaps, according to a survey conducted by software company Veeam, which found that 95% of NIS2-impacted companies had to divert funds from other business areas to cover the costs of NIS2 compliance.
As for DORA, its scope does include entities that may be new to this level of regulatory control, said Andrew Rose, CSO at SoSafe.
“Unregulated entities, such as credit rating agencies and certain types of exempt lending, factoring, and mini-bonds, and those associated with new financial models, such as crypto exchanges and peer-to-peer lending platforms, fall into scope of DORA,” Rose pointed out. “For them, these requirements may mandate a new level of control, together with formalised oversight, requiring spending on both solutions and staffing.”
