It’s been over a month since the Digital Operational Resilience Act (DORA) came into effect. DORA was introduced for the EU finance sector with the purpose of strengthening the sector’s level of IT security and boosting the capability of organisations to effectively manage and overcome disruption, including unforeseen challenges. Since its arrival, the EU-level legislation has undoubtedly been a major talking point not only across Europe, but globally.
Here are 3 key points that were identified during the month of February:
There has been a steady flow of major global organisations publishing content that deep dives into the importance of DORA. This includes the likes of Deloitte, PwC, and KPMG. As seen previously with major legislations, acknowledgement from widely recognised organisations is a huge driver of awareness and interest.
Interestingly, some leaders in the IT industry have found the process of complying with DORA to be somewhat difficult. Following the confirmation of DORA’s arrival, many organisations began internally evaluating the roles and duties related to the ICT security measures that are at DORA’s core. However, compliance has proven to be especially challenging within the third-party risk management aspect of DORA. This part of DORA involves the assessment of contracts with ICT providers. This task may be particularly difficult for smaller companies where fewer resources are available (csoonline.com).
Over the past month, the broader impact of DORA beyond the EU finance sector has been a topic that has gained more recognition. Organisations across the world are increasingly acknowledging the global implications of DORA. Whilst it is an EU-level legislation, its reach extends far beyond the EU. Crucially, its requirements must still be adhered to by organisations that trade or operate in the EU but are based outside of it.
Currently, there have been no widely publicised cases of companies coming under scrutiny for non-compliance with DORA. However, with the legislation having only come into full effect a little over a month ago, it’s certainly still in its early stages.
Nonetheless, it can be expected that regulators will closely monitor compliance and take action against entities that are found to be non-compliant. Furthermore, as DORA is a major piece of legislation, its requirements go beyond simply being compliant: organisations are required to hold supporting evidence that demonstrates their compliance.
To learn more about compliance with DORA as well as how our team of experts can support with compliance, please get in touch.