DORA in a nutshell

The Digital Operational Resilience Act (DORA) is part of the EU’s efforts to regulate the digital sector and enhance operational resilience, boost security requirements to reduce threats and risks from the use of ICT and improve institutions’ ability to prevent and deal with ICT related incidents. DORA applies to both digital service providers and financial entities.

When does it come into effect?

It comes into effect on the 17th of January 2025.

Who does DORA impact?

It impacts all finance actors, including banks, insurance companies and investment firms. It also applies to critical 3^rd party ICT-related services (cloud platforms, data analytics services) in the 27 EU member states.

Interested in discovering how BMIT can support your journey towards DORA compliance? Dive deeper into our tailored solutions by clicking here.

What are the regulations based on?

DORA is based upon a foundation of five distinct pillars, each representing a fundamental aspect to regulate the digital sector and enhance operational resilience

1. ICT Risk Management,
2. ICT-related Incident Management;
3. Digital Operational Resilience Testing,
4. ICT Third Party Risk Management
5. Information Sharing Arrangements.

Is DORA a challenge? The impact of DORA will vary depending on the size of company, number of employees and revenue but more importantly on their security and compliance posture and maturity. However, every industry player must have an ICT framework in place to mitigate cyberthreats and build resilience. This requires investment in resources and technology. Compliance requires time and effort and for some unprepared entities this may be a problem.

How is your DORA roadmap looking?

The clock is running down. You do not want to be scrambling to tick boxes in January 2025. If you are unsure where you stand with DORA or have doubts about your existing policies and technologies, talk to us today and one of our experts will promptly get in touch to discuss how we can meet your specific needs!