DORA and NIS2: New standards for security and trust in the digital world

We are preparing our products, services and processes to meet new cybersecurity requirements.

Today, digital trust and security are key factors for all organisations that handle sensitive data and provide critical digital services. With the advent of DORA (Digital Operational Resilience Act) and NIS2 (Network and Information Security Directive 2), cyber regulation is tightening, and as a qualified trust service provider, we are working to ensure that our customers are offered OBELISK products and cloud-based digital trust services that meet current security standards.

What are DORA and NIS2 and why do they affect us?

DORA: Strengthening digital resilience in the financial sector

DORA, which came into force in January 2025, imposes stricter rules on ICT risk management, cyber resilience testing and supply chain security. It primarily targets entities in the financial sector, but also significantly affects technology providers, including digital trust services such as:


DORA requires these services to be as secure, accessible and protected against cyber-attacks as possible.

NIS2: Broader cybersecurity regulation across sectors

Unlike DORA, which focuses on the financial sector, NIS2 extends cybersecurity requirements to a wide range of organisations, including digital service providers. Crucially for SEFIRA, NIS2 introduces:

  • Mandatory risk management and monitoring of security incidents
  • Stricter requirements to protect against cyber attacks
  • Regular testing and assessment of IT system security
  • Management responsibility for security measures

As a qualified provider of digital trust services, we ensure that our products not only comply with legislative requirements, but are also technically and procedurally prepared for cyber threats and crisis situations. Already today, the conditions for operating as a qualified provider require working in a regime that practically corresponds to the NIS2 directive and demonstrating compliance through regular audits.

How are we preparing our digital trust products for DORA and NIS2?

SEFIRA has long focused on digital trust and PKI. DORA and NIS2 are an opportunity for us to move forward and improve in this field, so we have focused our attention on the following areas:

Ensuring high availability and resilience of our services
OBELISK products meet high availability requirements and cloud services are hosted in Amazon's secure European data centres. We continuously reduce the RTO and RPO parameters of our services.

Enhancing the security of electronic signatures and identity handling
We are expanding authentication options and integration with identity sources such as Entra ID, with IDM systems, and more.

Strengthening monitoring of security incidents
We are significantly strengthening our monitoring tools. We are investing in new dashboards to better understand the operational status of the system.

Audit and penetration testing of our digital trust services
We regularly undergo independent security audits and penetration tests of our products and services. We comply with ISO 27001, ISO 27017 and ISO 27018 standards.

Supply chain and third-party protection
We build our products and services on technology from certified partners who make security a priority. Our partners include Entrust, Oracle and Amazon.

DORA and NIS2 represent an important step towards greater digital security in the EU. But for SEFIRA, it is not just a regulatory obligation - the security of our products and cloud services is the foundation of digital trust.