THE DIGITAL OPERATIONAL RESILIENCE ACT (DORA) SPA’s Position on Physical Payment Card Personalization - November 2024
The Digital Operational Resilience Act (“DORA”) has been released to achieve a harmonized high level of cyber-resilience in the information and communication technology (“ICT”) systems used by the European financial industry. DORA was adopted on December 14, 2022, and will come into effect on January 17, 2025. DORA is further supported by Regulatory Technical Standards, which outline additional requirements for different articles of the regulation.
DORA includes provisions for financial entities to monitor the ICT services they outsource to third parties. DORA also establishes criteria to identify the level of criticality of outsourced ICT services with a focus on contractual aspects for third Party ICT service providers to ensure the conformance with DORA.
Smart Payment Association (SPA) considers that physical payment card personalization doesn’t fall under the remit of DORA.
This document describes why.
