    DORA: The EU's new digital resilience requirements

    The Digital Operational Resilience Act (DORA) has now taken effect (January 17, 2025), marking a major change in EU financial regulation.

    What is DORA?

    DORA is a comprehensive new framework that responds to the increasing digitalization of financial services across the EU. It establishes mandatory digital operational resilience requirements to protect the financial sector.

    These requirements affect not just traditional banks and insurers but extend to a wider range of financial services organizations and to the technology partners they rely on, including cloud platforms, software vendors, and ICT managed service providers.

    Requirements

    For financial entities

    • Maintain an ICT risk management framework that identifies, assesses, and mitigates the risks that could disrupt operations.
    • Detect, manage, and report ICT-related incidents, including notifying the competent authority of major incidents within the prescribed timelines.
    • Conduct regular digital operational resilience testing, up to and including threat-led penetration testing (TLPT) for the entities DORA designates.
    • Monitor and assess third-party ICT risks throughout the digital supply chain, including concentration risk from relying on a small number of providers.

    For ICT third-party service providers

    Accept the contractual terms that DORA requires financial entities to include in their ICT service agreements, including:

    • Listing (and updating) the countries from where the ICT services will be delivered and where data will be processed and stored.
    • Provisions on availability, authenticity, integrity, and confidentiality in relation to the protection of data.
    • Participation in the financial entities’ ICT security awareness programmes and digital operational resilience training.
    • Rights of access, inspection, and audit.

    Business impact

    Non-compliant financial organizations may be subject to severe financial penalties and suffer significant reputational damage that may affect competitiveness. For ICT third-party service providers working in the financial sector, DORA is now essential to successfully operating in this space.

    Global implications

    Although DORA is an EU regulation, its reach extends beyond the EU: any ICT service provider that serves EU financial entities must meet the relevant requirements, chiefly through the mandatory contractual terms above, regardless of where it operates.

    Find out more about DORA and how it affects your organization here.

    Visit BSI’s Experts Corner for more insights from our industry experts. Subscribe to our Experts Corner-2-Go LinkedIn newsletters for a roundup of the latest thought leadership content: Digital trust, EHS, and supply chain.