On the 16th of January 2023, the Digital Operational Resilience Act (DORA) entered into force. The 17th of January 2025 was set as the date on which the regulation would officially apply to the finance sector.
Whilst DORA applies to the EU finance sector, its guidelines must also be adhered to by those who trade/operate in the EU but are based outside of it (such as UK-based organisations). With organisations far and wide having geared up for DORA’s arrival, this pivotal regulation is set to give rise to a new era of regulatory guidelines for financial services firms.
For an easy-to-follow overview of DORA, check out our guide.
DORA’s arrival aims to support the finance sector in strengthening its level of IT security and boosting the capability of organisations to effectively manage and overcome disruption, including unforeseen challenges.
You may be thinking, how exactly will DORA achieve this? Essentially, DORA introduces new requirements and guidelines that cover the following areas:
By successfully following DORA’s guidelines, organisations equip themselves to be as effectively set up as possible when navigating the finance sector’s ever-changing risk landscape. The following 20 types of financial entity and third-party supplier must comply with DORA:
Prior to DORA’s implementation, other regulations were applied to the finance sector; however, the influence and impact of these regulations varied from entity to entity based on several factors. One complexity this caused was a lack of harmonisation within the sector. As a major piece of EU-level legislation, DORA directly addresses and resolves this. Additionally, DORA requires organisations not only to comply with guidelines, but also to provide comprehensive evidence of compliance.
DORA is set to be a transformative chapter for the finance sector, making it more resilient and protected.
Following the 17th of January, we’ll all be able to witness how DORA unfolds. Whilst some companies may have ticked off their DORA to-do list well in advance, others may be waiting to see how things pan out ahead of making their moves. As DORA is a major piece of EU-level legislation, it’s likely that compliance will be taken very seriously, with non-compliant organisations very possibly coming under scrutiny and being handed fines.
Interestingly, it seems that the stakes of accountability are rising with each major piece of legislation that is enforced. This was evident in the aftermath of GDPR coming into force. For DORA in particular, accountability for compliance lies directly in the hands of an organisation’s board.
The approach towards DORA will have varied across the board. If your company would like support and guidance on DORA compliance, please don’t hesitate to get in touch - we are here to help you.
There is a complete alignment between our Software Escrow offering and the central aspect of risk mitigation within DORA. With over 2 decades of experience in risk mitigation and regulatory compliance, our team are established experts within these fields. We are also highly experienced in helping organisations provide supporting evidence of compliance.
Here’s what clients have said about their experience with us.
To book a free DORA consultation with us, please get in touch.