Under DORA, all MiCA-licensed EU cryptocurrency companies will be required to maintain a full record of their contractual relationships with third-party IT service providers to ensure secure infrastructure and risk management.
In addition, companies should ensure continuous monitoring of their IT systems to identify potential vulnerabilities and threats, including by involving independent cybersecurity specialists. DORA also requires stricter oversight of crypto company executives, their inclusion in the overall risk management system, and regularly updated protocols for responding to cyber attacks or other incidents.
Responsibility for compliance with DORA rests with both the crypto company and its management. Firms that violate the new rules could face fines of up to 2% of annual revenue. In emergency situations, the heads of crypto companies may be subject to administrative and criminal liability, as well as a fine of up to $1 million.
Mark Jennings, head of the European division of the Gemini cryptocurrency exchange, commented that DORA’s proactive approach will improve the operational sustainability of the EU crypto sector. However, for medium and small cryptocurrency companies, compliance with these requirements is a complex task, requiring significant financial investment and trained personnel.
Earlier, the European Banking Authority (EBA) published a list of restrictions for payment service providers and crypto asset providers. The EBA recommendations are due to come into force on December 30, 2025.
Source: Bits
