DORA compliance 2025

As the Digital Operational Resilience Act (DORA) officially comes into force on 17th January 2025, financial entities across the EU are expected to be on the final stretch of their preparations for compliance, while ICT service providers are facing various DORA-related requests from financial entities.

Designed to harmonise and strengthen the operational resilience of financial entities and their third-party ICT providers, DORA is a transformative regulatory framework whose impact goes beyond the financial entities themselves. With only a few weeks remaining, entities that are captured under its scope or impacted by it must act swiftly to ensure compliance and readiness.

In light of this critical stage, GTG is proud to announce the launch of two distinct article series to help navigate these uncharted waters:

  1. Chartering DORA Compliance: A Guide for Financial Entities
  2. DORA Readiness: Empowering ICT Service Providers in Financial Services

Both series are intended to offer practical insights, guidance, and actionable steps for those impacted by DORA. Whether you’re a financial entity working to align with the new requirements or an ICT service provider supporting the financial sector, these resources will provide the tools and knowledge necessary to adapt.

What is DORA?

DORA is a critical, first-of-its-kind EU regulation which aims to ensure the operational resilience of financial entities, including their ability to withstand, respond to, and recover from ICT-related disruptions. In an era of increasing digitalisation and growing cybersecurity threats, DORA establishes a robust and uniform framework for digital operational resilience, addressing:

  • Governance and Risk Management: Requiring financial entities to implement and maintain a robust ICT risk management framework.
  • ICT Incident Reporting: Mandating standardised procedures for identifying and reporting significant ICT-related incidents.
  • Operational Resilience Testing: Instituting regular testing of systems, processes, business continuity and controls to ensure resilience.
  • ICT Third-Party Risk Management: Setting comprehensive oversight and contractual requirements for critical ICT third-party service providers.

Why DORA Matters

DORA is not just another regulatory requirement; it is a game-changer for the financial services industry. Its emphasis on operational continuity and resilience reflects the EU’s recognition of the critical role ICT plays in financial stability. Financial entities, ranging from credit institutions to insurance companies, must adopt a proactive approach to compliance to protect customers, mitigate risks and enhance trust.

DORA establishes an Oversight Framework for Critical ICT-Service Providers, and while various ICT service providers are not directly captured by DORA itself, their provision of services to financial entities will have an unprecedented impact on their regulatory outlook.

Key Challenges Ahead

As the implementation date approaches, organisations face several challenges, including:

  • Mapping Compliance Obligations: Financial entities must assess existing processes and identify gaps against DORA’s requirements.
  • Aligning with ICT Providers: Ensuring ICT service providers are bound by appropriate contractual arrangements and aligned with DORA’s standards for oversight and risk management. ICT service providers, for their part, will also be impacted by these growing requirements, especially in their contracts with financial entity customers and, in turn, in their contractual arrangements with their own ICT subcontractors.
  • Resource Allocation: Allocating the necessary time, budget, and expertise to meet compliance deadlines.

GTG: Helping You Navigate DORA

Recognising these challenges, GTG’s upcoming article series will address the unique needs of both financial entities and ICT service providers.

The countdown to DORA’s implementation is a defining moment for the financial services industry. By fostering a culture of resilience and compliance, organisations can not only meet regulatory requirements but also strengthen their competitive edge in an increasingly digital landscape.

GTG will thus be navigating the intersection of law and technology and delving deeper into actionable strategies and insights for achieving DORA compliance.

For more information and assistance, please contact us at info@gtg.com.mt.

Disclaimer: This article is not intended to impart legal advice and readers are asked to seek verification of statements made before acting on them.