Fireblocks offers DORA compliance package for EU financial institutions

The package is designed to help financial institutions meet their obligations under the new Digital Operational Resilience Act (DORA), which was introduced by the European Commission in 2020 and came into action in the EU on January 17th, 2025.

DORA establishes a comprehensive EU-wide regulatory framework designed to address fragmented and sector-specific rules on digital operational resilience. Financial institutions and CASPs operate under various regulations, including MiFID II, CRD, PSD2, and guidelines from the European Supervisory Authorities (ESAs). However, inconsistencies in application and the non-binding nature of some guidelines have created regulatory uncertainty.

Cybersecurity and operational resilience for EU financial institutions

DORA requires that banks, financial institutions, and crypto asset service providers (CASPs) strengthen their cybersecurity and operational resilience. The new Fireblocks offering aims to simplify this complex regulatory landscape by allowing organisations to focus on growth while maintaining compliance.

The package is designed for institutions that designated Fireblocks as a third-party ICT provider supporting a critical function, aiming to optimise the path to regulatory alignment for users. Key features include a dedicated legal addendum, annual and periodic reports on ICT security, a modern security kit, and an annual pooled security audit. This helps institutions meet requirements with greater efficiency while strengthening operational resilience.

The pre-drafted regulatory addendum to the Fireblocks Master Service Agreement (MSA) aligns with DORA’s article 30 requirements. Fireblock’ COR package also supports audit and penetration testing through pooled or individual engagements. Additionally, the annual pooled security audit event with Fireblocks’ security department features live walk-throughs, operational insights, and the opportunity to engage with Fireblocks security personnel.

Backed by security features such as Multi-Party Computation (MPC) technology and certifications like SOC 2, CCSS, and ISO 27001, the company is committed to supporting CASPs and financial institutions in their regulatory journey.