Cookie consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

November 10, 2022

The Digital Operational Resilience Act: Three things you need to know

As you have probably heard, the Digital Operational Resilience Act (DORA) is regulatory legislation proposed by the European Commission that seeks to improve the resilience posture of any financial services organizations and third-party providers that operate within the EU. In particular, the DORA law is intended to protect financial entities and those that access their services against cyber threats such as Distributed Denial of Service attacks, ransomware, data breaches, and more. If you have not kept up to date on the DORA, here are the three things you need to keep in mind.


1. The DORA law has specific regulatory requirements 

The DORA is underpinned by five pillars of resilience: Risk management, incident reporting, digital operational resilience testing, ICT third-party risk, and information sharing. To be in full compliance you will need to understand how your resilience vendors address each of these requirements. Do you take a best-of-breed approach for each application or try to find a single vendor that might provide a suboptimal solution?


2. There is a wide range of financial firms and other third-party businesses that will be affected by the DORA law 

The DORA covers a broad range of financial institutions, including credit institutions, payment institutions, e-money institutions, investment firms, crypto-asset service providers, central securities depositories, managers of alternative investment funds, UCITS management companies, administrators of critical benchmarks, crowdfunding service providers, and ICT third-party service providers. Many companies that have not previously been subject to specific ICT regulations are within the proposed scope of the DORA.


3. The timeline to be compliant with the DORA law will be here faster than you think

The DORA was first introduced in September 2020 and the provisional agreement on the DORA’s content was reached on May 11th, 2022. It is expected to be finalized later in 2022 and will have an aggressive timetable of implementation and final compliance by Q4 2024, so all impacted businesses need to start preparing now. 


The DORA is a lengthy piece of legislation and it’s hard to dissect. Luckily, Cutover can help you to understand what this new legislation means, who is impacted, and how you can begin to prepare for it. Download your free copy of our white paper today and start getting ready for the DORA!

Walter Kenrich
Financial services
Industry news
Operational resilience
More from the blog