UNDERSTANDING DORA

Businesses must be fully compliant with DORA's requirements by 17 January 2025

What is DORA?

The Digital Operational Resilience Act (DORA) is a new EU regulation that sets out requirements for digital operational resilience relating to information and communication technology (ICT) services in the financial services sector.

The regulation aims to strengthen the ICT security of financial services institutions and their resilience to operational disruption.

By codifying existing regulatory guidelines on ICT outsourcing, procurement and risk management, DORA provides a single, harmonised EU rulebook.

DORA requires that financial institutions and their ICT service providers address the conditions of the new regulation in their supply chain.

Compliance with DORA necessitates the amendment and renegotiation of contracts.

With a deadline of 17 January 2025, DORA required financial institutions to commence extensive contract remediation work throughout 2024.

In addition to impacting contracts, DORA also provides for direct regulation of major technology providers to financial entities, giving power to European supervisory authorities to designate specific ICT third-party service providers as subject to regulation, and then to oversee their compliance.

DORA moves the dial by increasing compliance obligations relating to how financial institutions and service providers manage operational resilience and ICT risk.
