On January 17, 2025, the Digital Operational Resilience Act (DORA) officially came into full effect, marking a significant milestone for cybersecurity and digital resilience in the European financial sector. This EU regulation introduces stringent requirements for financial institutions to enhance their cyber and ICT protection.
For financial firms seeking support in navigating these new compliance challenges, Resillion offers comprehensive end-to-end digital testing services.
In an era where digital operations are pivotal to the functioning of the financial sector, maintaining operational resilience is not just a necessity but a regulatory requirement. The Digital Operational Resilience Act (DORA) is a groundbreaking legislative framework from the European Union (EU) that has applied to organisations operating in Europe since 17 January 2025.
The objectives of DORA
DORA is designed to ensure that all entities in the financial system have the necessary safeguards to mitigate cyber threats and IT disruptions, consolidating and enhancing their digital operational resilience to prevent, withstand and recover from such incidents. It applies to a broad spectrum of financial entities, including banks, insurance companies, investment firms, crypto-asset service providers, and even critical third-party service providers such as cloud computing services.
The challenges of implementing DORA
Although DORA aims to safeguard financial stability, its implementation comes with a set of challenges, including how to:
- align existing IT infrastructure and operations to meet its stringent requirements
- ensure continuous compliance with evolving IT risk management requirements
- manage and oversee third-party risks, especially in areas like cloud services and critical IT utilities.
An overview of the five pillars of DORA
When drawing up the objectives of DORA, the regulators provided the following pillars to help organisations structure their approach:
- IT risk management requirements: Establishing robust mechanisms to identify, measure and mitigate IT risks.
- Incident reporting mechanism: Mandatory reporting of major IT-related incidents to national and EU authorities.
- Digital operational resilience testing: Regular testing to assess the resilience of IT systems and infrastructures.
- Management of IT third-party risk: All financial entities must ensure that their third-party service providers adhere to stringent resilience standards.
- Information sharing: Encouraging sharing of cyber threat intelligence and best practices among financial entities without breaching confidentiality obligations.


Discover how Resillion fuelled a real-world DevOps transformation journey.
In 2024, this financial institution faced significant hurdles, including plummeting customer satisfaction and outdated IT services. By partnering with Resillion and fully embracing DevOps practices, they revolutionized their software development processes, achieving increased release frequency, reduced production issues, and enhanced customer experiences. This case study delves into the strategic steps we implemented – from comprehensive assessment to tailored coaching – that led to their impressive transformation.
Let us help you strengthen your digital operational resilience.
Contact us today to learn more about our services and how we can assist you in meeting and exceeding DORA requirements.