Information Sharing (DORA)

DORA Article 45 explicitly encourages and enables financial entities to share cyber threat information and intelligence within trusted communities. The purpose is to strengthen the collective digital operational resilience of the financial sector by improving awareness of cyber threats.

    What is information sharing under DORA?

    Cyber threat information sharing involves financial institutions exchanging data on current threats, attack techniques, indicators of compromise (IoCs) and best practices for combating these threats. This creates a collective defence effect that benefits the entire sector.

    DORA Chapter VI (Article 45) establishes the legal framework for this sharing and gives financial entities the ability to participate in information-sharing arrangements without concerns about potential competition law or data protection barriers. The framework is closely linked to the broader goal of digital operational resilience.

    The voluntary framework

    Information sharing under DORA is voluntary -- it is not a requirement but an opportunity. DORA enables financial entities to:

    • Participate in trusted information-sharing arrangements with other financial institutions
    • Share indicators of compromise, cyber threat intelligence and tactics from threat actors
    • Receive and act on information from other participants in the arrangements
    • Contribute to collective cyber threat assessments for the sector

    Legal clarity for participants

    One of DORA's most important contributions in the area of information sharing is the legal clarity the regulation creates. Financial entities have previously been reluctant to share threat information due to uncertainty about competition law and data protection. DORA makes explicit that participation in approved information-sharing arrangements is lawful.

    The arrangements must meet certain requirements, including:

    • Protection of confidential information
    • Anonymisation of personal data in accordance with GDPR
    • Clear rules for participation and access to shared information


    Strengthening collective resilience:
    Information sharing is one of DORA's five pillars. By facilitating the exchange of threat intelligence across the financial sector, DORA aims to create a collective defence mechanism where an attack on one entity strengthens the preparedness of all participants.

    Frequently Asked Questions about Information Sharing (DORA)

    Is information sharing mandatory under DORA?

    No. Information sharing under DORA is voluntary. DORA enables and encourages financial entities to participate in trusted information-sharing arrangements, but it is not a requirement.

    What type of information can be shared under DORA?

    Financial entities can share cyber threat intelligence, indicators of compromise (IoCs), tactics, techniques and procedures (TTPs) of threat actors, and security alerts. All shared information must be anonymised where personal data is involved.

    Does information sharing under DORA conflict with GDPR?

    No. DORA explicitly addresses this concern by requiring that information-sharing arrangements anonymise personal data in accordance with GDPR. The regulation provides legal clarity that participation in approved arrangements is lawful.

    Who can participate in DORA information-sharing arrangements?

    Financial entities covered by DORA can participate in trusted information-sharing communities. This includes banks, insurers, investment firms and other financial undertakings. The arrangements must operate within a trusted framework with clear participation rules.

    How does information sharing relate to DORA's other pillars?

    Information sharing is one of DORA's five pillars, alongside ICT risk management, incident reporting, resilience testing and third-party risk management. It complements the other pillars by providing collective threat awareness that strengthens individual and sector-wide resilience.
