The European Commission has announced a series of infringement decisions detailing the actions it is taking against several EU member states. These states have failed to notify the commission of the measures they have taken to transpose EU directives into their national laws before the deadlines to do so have expired. Among those directives is the Digital Operational Resilience Act (DORA), which had a deadline of 17 January 2025 for transposition into national law.
13 member states – Belgium, Bulgaria, Denmark, France, Greece, Latvia, Lithuania, Malta, Poland, Portugal, Romania, Slovenia, and Spain – have failed to fully transpose the DORA directive. The commission has opened infringement procedures by sending letters of formal notice to them.
The commission reminds member states that “full implementation of the legislation is key to strengthening the digital operational resilience of financial entities across the EU”.
The 13 member states concerned have two months to respond to the letters of formal notice, complete their transpositions, and notify the commission.
