Digital Operational Resilience Act UK

Digital Operational Resilience Act DORA​

What is Digital Operational Resilience Act (DORA)?​

In response to the continual surge in cyberattacks and the growing reliance on technology, financial institutions find themselves obliged to embark on transformation projects and remediation initiatives to align with the latest regulatory frameworks. The DORA regulation will apply from 17 January, 2025.

The Digital Operational Resilience Act (DORA) is a new regulation adopted by the European Parliament that applies to the financial sector. It was adopted by the European Council in November 2022 and published in December 2022. DORA’s objective is to strengthen and harmonise the "digital operational resilience" of the financial sector within the European Union.

DORA establishes a set of requirements aimed at enhancing the level of digital operational resilience of financial institutions within the European Union, and their ICT service providers irrespective of their location, by proposing a harmonised approach to existing rules, where they exist.

Key requirements of DORA UK

What are the key requirements of DORA?​

Requirements are organised around five key pillars:​ 

  1. Management of risks related to Information and Communication Technology (ICT) ​ 
  2. Management and reporting of incidents related to ICT ​ 
  3. Digital Operational Resilience Testing 
  4. Management of risks related to third-party ICT service providers​ 
  5. Sharing information and intelligence related to cyber threats
Key Specifications of DORA regulation in the UK

DORA regulation key dates​

Effective on January 16, 2023, financial institutions have approximately 24 months to comply with the DORA regulation. During this period, it will be supplemented by several Regulatory Technical Standards (RTS) / Implementing Technical Standards (ITS) developed by the European supervisory authorities. These will provide detailed specifications for the technical implementation of certain requirements of the regulation.

Key Specifications of DORA regulation in the UK
DORA regulation timelines
DORA regulation timelines
DORA regulation timelines

How can Protiviti help with the Digital Operation Resilience Act?

Protiviti offers DORA consulting and comprehensive support throughout the entire DORA journey towards heightened digital resilience utilising specially designed tools to analyse your current maturity level, pinpoint areas for improvement in each chapter, and propose tailored measures for regulatory fulfillment, supporting you to operationalise against DORA expectations, and embedding an enduring capability.

Our expert teams possess the essential skills, knowledge, and specialised experience. With ongoing training and relevant professional certifications in IT audit, cybersecurity, and project management including CISA, CISM, CISSP, ISO 27001, ISO 22301, TOGAF, ITIL, OneTrust, we demonstrate a commitment to maintaining the highest level of expertise. 

Loading...