Date: 2024-09-02

The Digital Operational Resilience Act, or DORA, is a European Union (EU) regulation that created a binding, comprehensive information and communication technology (ICT) risk-management framework for the EU financial sector. DORA establishes technical standards that financial entities and their critical third-party technology service providers must implement in their ICT systems by January 17, 2025.

DORA applies to all financial institutions in the EU. That includes traditional financial entities (like banks, investment firms and credit institutions) and non-traditional entities (like crypto-asset service providers and crowdfunding platforms). Notably, DORA also applies to some entities typically excluded from financial regulations.

DORA and other regulations focus on operational resilience, the ability to provide reliable and secure services to customers while addressing regulatory compliance and cybersecurity challenges. They require financial institutions to define the business recovery process, service levels and recovery times that are acceptable for their business. Regulators also require organizations to test business recovery processes periodically and provide documented test results showing that service-level agreements (SLAs) have been met.

As part of the risk-assessment process, entities must conduct business impact analyses to assess how specific scenarios and severe disruptions might affect the business. Entities will also be expected to put appropriate cybersecurity protection measures in place. This is where new solutions with cyber resilience become part of the picture.