The Digital Operational Resilience Act (DORA) is a EU regulation that entered into force on 16 January 2023 and will apply as of 17 January 2025. It aims at strengthening the IT security of financial entities such as banks, insurance companies and investment firms and making sure that the financial sector in Europe is able to stay resilient in the event of a severe operational disruption.

Why we need dora ?

DORA, or the Digital Operational Resilience Act, is important because it helps ensure that financial institutions are prepared to handle cyber-attacks and other disruptions caused by technology failures. With more financial services relying on technology, there's a greater risk of these disruptions impacting not just the financial sector, but the broader economy too. DORA aims to strengthen the digital resilience of financial entities, helping to prevent and mitigate the effects of such incidents.

Here are the key topics covered by the proposed Regulation

1. Governance and risk management: Financial institutions need clear plans for who does what, regular risk checks, and plans for what to do if things go wrong.
2. ICT and security management: They must deal with risks in their technology and security, like cyber threats, by putting in measures to protect data and control who has access.
3. Outsourcing and third-party risk management: They have to be careful when working with other companies to make sure they can still operate smoothly. This means checking contracts, making sure the services they use are reliable, and keeping an eye on them.
4. Incident reporting and response: If something big goes wrong, they have to tell the authorities and work with them to sort it out. They also need plans in place to deal with different kinds of problems.
5. Testing and scenario analysis: Financial institutions need to regularly check how well they can handle problems and practice dealing with different situations.