In the past few months, the financial sector has undergone a massive transformation in cybersecurity standards due to the implementation of the Digital Operational Resilience Act (DORA).
As of 17 January 2025, DORA has officially come into force, requiring financial institutions to undergo major verification to ensure that their implemented measures comply with the new regulation.
The introduction of DORA also presents a huge challenge for ICT service providers, who must adapt their services to the new requirements. This is particularly complex for providers serving multiple financial entities, as it necessitates alignment with diverse organisational needs.
The FIVE key requirements of DORA include:
- Conducting extensive risk assessments;
- Implementing an ICT risk management framework;
- Organising ICT incident response processes;
- Conducting digital operational resilience testing;
- Overseeing critical third-party ICT providers.
Whether you are a financial sector entity or an ICT service provider, 2025 will be a year of refining solutions to ensure full compliance with these regulatory requirements.
Originally published 23 January 2025
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
