THE DIGITAL OPERATIONAL RESILIENCE ACT (DORA) SPA’s Position on Physical Payment Card Personalization – November 2024

23 November 2024

Position papers

The Digital Operational Resilience Act (“DORA”) has been released to achieve a harmonized high level of cyber-resilience in the information and communication technology (“ICT”) systems used by the European financial industry. DORA was adopted on December 14, 2022, and will come into effect on January 17, 2025. DORA is further supported by Regulatory Technical Standards, which outline additional requirements for different articles of the regulation.

DORA includes provisions for financial entities to monitor the ICT services they outsource to third parties. DORA also establishes criteria to identify the level of criticality of outsourced ICT services with a focus on contractual aspects for third Party ICT service providers to ensure the conformance with DORA.

Smart Payment Association (SPA) considers that physical payment card personalization doesn’t fall under the remit of DORA.

This document describes why.

Please enter your email address
to download the document

Share this publication :

Latest Position papers

Position papers

25 November 2025

Accessibility and the Payment Industry – An SPA Position Paper – November 2025

Regulatory Context Across Europe, accessibility is becoming a defining feature of how products and services are des...

Read the publication

Position papers

23 October 2025

Digital Identity Wallet for Payments – A joint paper by Smart Payment Association and Secure Identity Alliance – October 2025

Digital Identity Meets Payments: Promise, Pitfalls, and the Pragmatic Path Forward As Europe advances toward deploy...

Read the publication

Position papers

23 November 2024