EU’s DORA Regulation Comes Into Effect Today To Address Risk Of Cyber Threats

Today marks the official implementation of the Digital Operational Resilience Act (DORA) across the European Union, a regulation designed to fortify financial institutions against cyber threats and operational disruptions.
With its introduction, DORA sets a standardized framework requiring firms to ensure the stability and security of their digital operations, reflecting the growing need for robust resilience in a digital-first financial ecosystem.
DORA affects a wide range of entities, including banks, fintech companies, and cryptocurrency service providers. The regulation places a strong emphasis on accountability, requiring firms to demonstrate preparedness against risks and their ability to respond swiftly to incidents. This approach aims to mitigate the widespread disruptions that have plagued financial services in recent years.
Paulo Rodriguez, head of international at Vanta, shared his perspective on the challenges firms face in meeting DORA’s requirements. “With the cyber threat landscape rapidly evolving, the final January 17th compliance date for DORA promises to improve digital resilience within the EU. The regulation introduced a robust framework to support financial institutions in their efforts to withstand, respond to, and recover from cyber threats and other disruptions. However, many financial institutions are facing challenges adapting to the new regulations.”
Rodriguez drew a comparison to a previous regulatory initiative in the European Union. “This shouldn’t come as a surprise. GDPR, the EU’s other great effort to improve digital resilience, was introduced six years ago, and businesses are still struggling to grapple with the regulation to this day. Achieving and maintaining compliance demands a significant overhaul of business practices, as well as resource-heavy monitoring and auditing. No doubt DORA is leaving financial institutions and their third-party vendors facing similar headwinds.”
The role of technology in meeting these new standards has also come under discussion. Rodriguez pointed to the potential of artificial intelligence as a key tool in compliance efforts. “For those still to get in line with the new framework, there may yet be a saving grace. AI has proven particularly effective at automating manual tasks and could be the perfect companion for security teams dealing with DORA. The technology has the potential to make achieving and maintaining compliance a far more straightforward task for financial institutions, ensuring greater digital resilience,” he explained.
Eduardo Crespo, vice president of EMEA at PagerDuty, highlighted the broader impact of the regulation. “The implementation of the Digital Operational Resilience Act (DORA) in the EU this January 2025 will stress test the resilience of the financial services sector as a whole, helping to improve operations in the long term by protecting consumers and preserving market integrity. With an increased reliance on digitalized financial and banking services, customers require assurance that their money, assets, and transactions are in safe hands.”
Crespo further elaborated on the cost of recent global disruptions, stating, “In the wake of global outage incidents in 2024, which on average cost over $800,000 per major incident to companies, disruptions remain a critical concern for IT and business executives. Our recent research highlights that 88% of executives in the EU and UK expect another major incident will occur in the next 12 months.”
The introduction of DORA comes at a critical juncture for financial services. With its focus on proactive risk management and operational accountability, the regulation signals a concerted effort to build trust and resilience in a sector increasingly reliant on digital systems. As institutions navigate the requirements, the broader implications for the industry and its consumers will continue to unfold.
2025-01-17 16:52:49