In order to implement the Digital Operational Resilience Act (DORA), companies must not only take technical measures but also make a series of legally mandatory contractual adjustments by January 2025.
In this English-language webinar, KPMG Law experts presented an industrialized approach to reviewing and adapting a large number of contracts. They delved into the Digital Operational Resilience Act (DORA) and how KPMG Law can assist organizations in assessing and amending contracts to ensure compliance with DORA’s mandatory requirements.
Chapter 1: Welcome and introduction
Speaker: Adrian Tüscher
Summary: Adrian Tüscher welcomes the participants on behalf of KPMG Law in Switzerland and Germany. He explains that the webinar will be repeated due to interest from Swiss clients. Adrian introduces himself as Head of KPMG Law in Switzerland and announces the agenda of the webinar.
Chapter 2: Relevance of DORA for Swiss companies
Speaker: Adrian Tüscher
Summary: Adrian explains the extraterritorial reach of DORA and its relevance for Swiss companies. He explains that Swiss ICT service providers and their subcontractors are affected if they provide services to EU financial institutions. He also describes the spillover effect that forces Swiss companies to adapt to DORA standards.
Chapter 3: Challenges and market analysis
Speaker: Adrian Tüscher
Summary: Adrian describes the challenges that Swiss companies face when implementing DORA. He emphasises the need to adapt contracts and develop efficient approaches. Adrian presents the agenda of the webinar, which includes an introduction to DORA, the challenges of contract customisation and the role of AI.
Chapter 4: Introduction to DORA
Speaker: Vaike Metzger
Summary: Vaike Metzger introduces herself and gives an overview of the DORA regulation. She explains the objectives of DORA, the harmonisation of ICT services and the inclusion of all financial sectors. Weike emphasises the importance of implementing DORA by January 2025 and the upcoming supervisory reviews.
Chapter 5: DORA requirements and implementation
Speaker: Vaike Metzger
Summary: Vaike explains the different areas that DORA covers, including ICT risk management, incident management and resilience testing. She highlights the new requirements that DORA brings compared to previous regulations. Weike emphasises the need for a comprehensive approach to DORA compliance.
Chapter 6: DORA and third-party risk management
Speaker: Olaf Rösner
Summary: Olaf Rösner introduces himself and gives an overview of the requirements of DORA in the area of third party risk management. He explains the need for a comprehensive policy and the definition of critical and important functions. Olaf emphasises the importance of an information register and conducting due diligence.
Chapter 7: Contract requirements and challenges
Speakers: Frank Pütgen and Matthias Henke
Summary: Frank Pütgen and Matthias Henke discuss the challenges of adapting contracts to the DORA requirements. They explain the need to include specific clauses in ICT contracts and to adapt the contracts individually or in a standardised way. They emphasise the importance of careful documentation and negotiation with service providers.
Chapter 8: Using AI to analyse contracts
Speaker: Markus Fuhrmann and Michael Roth
Summary: Markus Fuhrmann and Michael present KPMG's AI-supported solution for analysing contracts. They explain how the AI software analyses contracts, extracts relevant clauses and assesses compliance with DORA requirements. They emphasise the increase in efficiency through the use of AI and the support provided by the Legal Service Centre in Argentina.