Digital Operational Resilience Act (DORA)

Navigate DORA with Confidence with BDO Malta.

The Council of the European Union has formally adopted the Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554), a regulation introduced to ensure that the digital infrastructure of the financial sector, including the ICT systems and networks that underpin critical financial services, is secure and resilient against ICT-related threats and disruptions.

Objectives of DORA

The objective of DORA is to improve the cybersecurity and operational resilience of all regulated European financial entities and of the critical third parties that provide them with ICT services. Cyberattacks cannot be avoided altogether, but financial stability in Europe can still be protected if these organisations limit the impact of ICT-related incidents on the services they deliver.

DORA Implementation Timeline

[Timeline graphic] Key dates: DORA was adopted by the Council on 28 November 2022, entered into force on 16 January 2023 and applies from 17 January 2025, the date from which in-scope entities must comply.


Who is responsible?

Overall responsibility for the ICT risk management framework, and for the other governance obligations imposed by DORA, rests with the firm's management body, which must review, approve, implement and update the framework. This requires management to have full awareness and understanding of the financial entity's ICT usage, ICT services and risk profile. Firms may wish to revisit how reporting lines from their ICT teams into senior management work in practice. Financial entities subject to DORA must assign senior-level responsibility for digital operational resilience and must report major ICT-related incidents to the relevant competent authority.

Impact of DORA

Compliance with DORA can be challenging and time-consuming for in-scope entities. Each entity's competent authority will supervise compliance with the DORA requirements, and EU Member States have the right to impose penalties for breaches of those obligations.

Achieving compliance with DORA

Because the DORA obligations are onerous, achieving compliance is challenging and time-consuming.

We recommend a phased approach in which in-scope entities chart a DORA Compliance Program with the aim of achieving compliance as early as possible. Failure to comply may lead to severe fines from 17 January 2025 onwards, the date from which DORA applies.

Want to know more? Get in touch with our Technology Team

DORA Compliance: Key contacts

Our Technology experts can assist you with DORA Compliance

Ivan Spiteri, Director of Technology Advisory & Assurance

DORA Compliance: Our BDO Solution

Our Technology experts can help you design and run a DORA Compliance Program.