

### Regulatory Harmonization in the Universe of Financial Cybersecurity
In the context of European regulations, the management of cybersecurity risks and incident reporting are becoming increasingly central. In particular, the DORA Regulation introduces not only more stringent but also specific requirements for the financial sector, differentiating itself from previous regulations. This new approach builds upon an existing regulatory framework, marking a fundamental step towards enhanced cybersecurity in this sector.
### Lex Specialis: DORA and NIS 2
One of the main innovations that DORA brings is the concept of “lex specialis,” which establishes that for financial entities subject to both regulations, DORA becomes the primary reference source. This means that in cases where there is an overlap of requirements between DORA and NIS 2, the entities in question must adhere exclusively to the provisions of DORA.
However, this centrality of DORA should not lead to a disconnection from the broader cybersecurity framework defined by NIS 2. It is crucial that financial entities remain integrated into the broader context of cybersecurity at the European level. The goal is to ensure that financial supervisory authorities are fully aware of cybersecurity incidents that may affect various sectors, thereby promoting a coordinated and effective response to cybersecurity threats.
### Inter-Sector Collaboration
A key aspect highlighted by DORA is the importance of collaboration and information sharing among different domains. In particular, the Regulation emphasizes the need for continuous interaction between financial entities and the NIS 2 system, which aims to create a resilient and informed ecosystem.
Financial entities are called upon to actively participate in cooperation groups and CSIRTs (Computer Security Incident Response Teams), which serve as coordination points for managing cybersecurity incidents. The competent authorities designated in DORA must have access to strategic and technical discussions, ensuring continuous sharing of information and best practices with other sectors involved in NIS 2.
### Specificity of the Financial Sector
DORA is not just an integration of cybersecurity regulation, but a legal act specifically aimed at the financial sector. This characteristic is confirmed by the recognition that the requirements outlined in DORA take precedence over those established by NIS 2. Therefore, financial entities must focus on compliance with DORA's provisions regarding the management of cybersecurity risks and digital operational resilience.
In this sense, clear and defined requirements become crucial for financial entities, not only to ensure the security of data and transactions but also to build lasting trust with clients and investors. Compliance with DORA implies rigorous discipline in addressing cybersecurity threats and responsiveness in reporting incidents.
### Coordination Mechanisms and Effective Response
To ensure that financial entities are adequately equipped to face cybersecurity challenges, DORA proposes specific coordination mechanisms. In particular, it emphasizes the importance of skills and training for personnel specialized in managing operational and cybersecurity risks.
Competent authorities are encouraged to establish multidisciplinary groups aimed at assessing critical third-party ICT service providers. This approach is fundamental to ensuring that surveillance activities are effective and timely, thereby enabling rapid and appropriate intervention in case of incidents.
### Conclusion
The transition towards a more integrated and specific regulatory framework for the financial sector is not just a legal responsibility but an imperative necessity in a global context dominated by cybersecurity threats. Effective governance, inter-sector cooperation, and strategic preparedness are the foundations for building…