Skip to content

La Firma
Áreas
Inteligencia
Equipo
Insights
Contacto

Madrid · Internacional

09.05.2025

Does DORA Discriminate Against Financial Microenterprises? The Truth Behind the Exemptions

In the world of financial regulation, the Digital Operational Resilience Act (DORA) has generated both praise and controversy. Today, we delve into a particularly interesting aspect: the exemptions for microenterprises and financial entities subject to the simplified framework. Is this a case of necessary positive discrimination or a dangerous regulatory oversight?

STAY UPDATED

Subscribe to stay current on ILP Insights

Below, we leave you with a video collaboration, in case you prefer this format:

Does DORA discriminate against micro enterprises in finance? The truth behind the exemptions💭

The Dilemma of Proportionality

DORA introduces a series of obligations to ensure the digital operational resilience of the financial sector. However, recognizing the diversity of the financial ecosystem, the regulation establishes a more flexible regime for microenterprises. This decision raises a fundamental question: How can we balance the need for robust regulation with the operational reality of smaller entities?

Key Exemptions: Relief or Risk?

Among the most notable exemptions for microenterprises, we find the following:

No need to create a specific position for monitoring agreements with ICT service providers.
Exemption from designating a senior management member as responsible for overseeing ICT risk.
Flexibility in the documentation and review of the ICT risk management framework.
No obligation to conduct periodic internal audits of the ICT risk management framework.
Exemption from maintaining redundant ICT capabilities (although they must assess their necessity).

The Debate: Protection vs. Vulnerability

Supporters argue that these exemptions are vital for the survival of microenterprises in an increasingly regulated environment. However, critics point out that they could create weak points in the global financial system.

Shared Responsibility

It is crucial to highlight that DORA does not completely exempt microenterprises from their responsibilities. For example:

They must seek a balance between resilience, resources, and risk profile in their testing programs.
They can delegate certain audit rights but must maintain the ability to request crucial information.

Conclusion: A Nuanced Approach

DORA recognizes that a one-size-fits-all approach does not work in the complex world of financial regulation. The exemptions for microenterprises aim to create a proportional framework that does not stifle innovation or competition.

However, the question remains: Have we found the right balance? Only time and a careful evaluation of the results will give us the definitive answer.

What do you think? Are these exemptions a practical necessity or a potential risk to the financial system? Share your views in the comments.

If you liked this article, you might also find the following reading interesting:

DORA: Digital Resilience in the Financial Sector. Balancing Regulation and Flexibility

Contacto
No te quedes con la duda, contacta con nosotros. Estaremos encantados de atenderte y ofrecerte soluciones.

DORA, Financial Regulatory

GUÍA GRATUITA

Regulación Financiera España 2026

DORA + MiCA + MiFID II + EMIR en un solo documento

Descargar gratis →

Todas 1397
Asesoramiento corporativo 35
Compliance 4
Concursal 64
- Reestructuración de deuda 3
Energía y Sostenibilidad 83
Impuestos 57
Litigios 156
M&A 150
Regulatorio Financiero 222
Secretarías de consejo 14
Societario 290
Startups 180
Top 100 100

Videos relacionados

Cargando videos…

Top 100 Articulos

Top 100 articulos

Inteligencia que entiende tu negocio

Firma de abogados especializada en regulatorio financiero, M&A y derecho corporativo.

Servicios

Regulatorio Financiero M&A Compliance Concursal Energía Protección de Datos Nuestro Equipo Glosario Legal

Contacto

atencionalcliente@ilpabogados.com +34 914 582 492

MADRID
Paseo de la Castellana 120
5º Izquierda, 28046

Newsletter

Recibe el Radar Regulatorio mensual directamente en tu email.

INTERNACIONAL
España · Portugal · Bélgica

© 2026 ILP Abogados · International Legal Partners

Aviso legal Privacidad Cookies

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options
Manage services
Manage {vendor_count} vendors
Read more about these purposes

View preferences

{title}
{title}
{title}

Discover more from ILP Abogados

Subscribe now to keep reading and get access to the full archive.

Type your email…

Continue reading