The EU’s Digital Operational Resilience Act (DORA) establishes a comprehensive framework for managing IT risks and ensuring operational resilience in the financial sector. It applies to various financial institutions that operate in the EU, including banks, investment firms, payment service providers, and insurance companies.
Even if you’re not directly covered, third-party providers will likely impact your operations indirectly.
Key Dates
- January 2024: Draft regulatory technical standards were released, providing further details on implementation.
- January 17, 2025: DORA officially comes into effect, although transitional periods exist for specific requirements.
- Early 2025: Full compliance with DORA becomes mandatory for all covered entities.
DORA aims to improve operational resilience to cyber threats across Europe’s financial ecosystem. It mandates robust cyber risk assessment frameworks, rapid incident response capabilities and stringent system testing. By requiring these safeguards, DORA intends to help firms minimize disruptions, swiftly restore critical operations and avoid knock-on impacts if incidents occur.
The Five Pillars of DORA
To satisfy DORA’s…
