Digital Operational Resilience Act DORA

What is DORA?

In response to the continual surge in cyberattacks and the growing reliance on technology, financial institutions find themselves obliged to embark on transformation projects and remediation initiatives to align with the latest regulatory frameworks. The DORA regulation will apply from 17 January, 2025.

The Digital Operational Resilience Act (DORA) is a new regulation adopted by the European Parliament that applies to the financial sector. It was adopted by the European Council in November 2022 and published in December 2022. DORA’s objective is to strengthen and harmonise the "digital operational resilience" of the financial sector within the European Union.

DORA establishes a set of requirements aimed at enhancing the level of digital operational resilience of financial institutions within the European Union, and their ICT service providers irrespective of their location, by proposing a harmonised approach to existing rules, where they exist.

What are the key requirements of DORA?

Requirements are organised around five key pillars:

Management of risks related to Information and Communication Technology (ICT)
Management and reporting of incidents related to ICT
Digital Operational Resilience Testing
Management of risks related to third-party ICT service providers
Sharing information and intelligence related to cyber threats

DORA regulation key dates

Effective on January 16, 2023, financial institutions have approximately 24 months to comply with the DORA regulation. During this period, it will be supplemented by several Regulatory Technical Standards (RTS) / Implementing Technical Standards (ITS) developed by the European supervisory authorities. These will provide detailed specifications for the technical implementation of certain requirements of the regulation.

How can we help?

Protiviti offers comprehensive support throughout the entire DORA journey towards heightened digital resilience utilising specially designed tools to analyse your current maturity level, pinpoint areas for improvement in each chapter, and propose tailored measures for regulatory fulfillment, supporting you to operationalise against DORA expectations, and embedding an enduring capability.

Our expert teams possess the essential skills, knowledge, and specialised experience. With ongoing training and relevant professional certifications in IT audit, cybersecurity, and project management including CISA, CISM, CISSP, ISO 27001, ISO 22301, TOGAF, ITIL, OneTrust, we demonstrate a commitment to maintaining the highest level of expertise.