Cybersecurity Framework
As digital finance becomes increasingly interconnected, cybersecurity is essential for maintaining trust and stability in the financial system. EDFA's cybersecurity framework provides a comprehensive approach to identifying, protecting against, detecting, responding to, and recovering from cyber threats.
Our framework is designed to enhance the cyber resilience of financial institutions, digital service providers, and critical financial infrastructure across the European Union.
Key Components
- Methodologies and tools for identifying, analyzing, and evaluating cybersecurity risks in digital financial services.
- Technical and organizational measures required to protect digital financial services from cyber threats.
- Procedures and requirements for detecting, reporting, and responding to cybersecurity incidents.
- Framework for testing the resilience of financial entities against cyber attacks through penetration testing and simulations.
Current Threat Level
Elevated
Last updated: 18 May 2025, 09:00 CET
Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act (DORA) establishes a comprehensive framework for ensuring that financial entities can withstand, respond to, and recover from all types of ICT-related disruptions and threats.
EDFA is responsible for implementing and enforcing DORA across the European Union, working closely with national competent authorities and other EU bodies.
Key Requirements
- ICT risk management framework
- ICT incident classification and reporting
- Digital operational resilience testing
- ICT third-party risk management
- Information sharing arrangements
Implementation Timeline
- January 2025: DORA entered into application
- July 2025: Technical standards finalized
- January 2026: Full compliance required
- July 2026: Advanced testing requirements

Cybersecurity Services
EDFA's Threat Intelligence service provides financial entities with timely and actionable information on cyber threats targeting the financial sector.
- Threat alerts and advisories
- Indicators of compromise
- Vulnerability notifications
- Sector-specific threat analysis
Our self-assessment tools help financial entities evaluate their cybersecurity posture against EDFA's standards and identify areas for improvement.
- Cybersecurity maturity assessment
- Gap analysis against DORA requirements
- Risk assessment templates
- Benchmarking against peers
EDFA's incident reporting platform allows financial entities to report cybersecurity incidents in compliance with regulatory requirements.
- Secure incident reporting portal
- Incident classification guidance
- Reporting templates and forms
- Incident response coordination
Latest Publications
Cloud Security Guidelines for Financial Institutions
Security requirements and best practices for financial institutions using cloud services.
Cybersecurity Requirements for Critical Payment Infrastructure
Technical and organizational security measures required for operators of critical payment systems.
Digital Identity and Authentication Standards
Security standards for digital identity verification and authentication in financial services.