Experts say DORA compliance not coming easy as more firms pass buck to IT providers
By 
Neil Hodge2025-01-23T15:28:00
New rules have come into effect across the European Union to promote better cybersecurity and IT resilience across the financial services sector, but experts warn that compliance is likely to be patchy and regulatory enforcement across the bloc perhaps even patchier.
The EU’s Digital Operational Resilience Act (DORA), which went into effect Friday, aims to strengthen financial services firms’ defenses against–and responses to–potential cyberattacks so that the sector (and not just individual institutions) remains robust and intact.
The regulation sets rules on information and communication technology risk-management, incident reporting, operational resilience testing, risk monitoring of “critical” third-party IT suppliers, and information and intelligence sharing with regulators. It also makes boards directly responsible and accountable for proper implementation.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumTPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and resiliency measures have been welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.
-
PremiumDORA set to enhance cyber resilience requirements for EU financial firms
The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.
-
PremiumOil and gas executives mull the real costs of Venezuelan oil
U.S. oil and gas companies strong-armed into participating in the nationalization of Venezuela’s oil industry decades ago now face government pressure of the opposite kind: Invest billions into rebuilding a dilapidated oil and gas infrastructure for a high-risk country that still owes billions in unsettled debts.
More from Regulatory Policy
-
ArticleU.K. Employment Rights Act will lead to rise in tribunal claims
The number of U.K. employment tribunal cases could rise following reforms in the Employment Rights Act 2025. Several changes take effect this year, including shorter unfair dismissal qualifying periods, day-one worker rights, stronger protections for pregnant women, and an end to exploitative contracts.
-
ArticleU.K. government scraps long-awaited audit reforms to prioritize growth
Long-awaited reforms to the U.K. audit regime have been “scrapped” from the government’s legislative plans. The decision has led to an outburst of disappointment and frustration from audit bodies and pension funds that argued the reforms would increase trust in companies and support growth.
-
News BriefCFPB, DOJ withdraw guidance to lenders considering borrowers’ immigration status
Two months after the U.S. Consumer Financial Protection Bureau proposed a rule change to narrow anti-discrimination requirements for lenders, it has reversed previous guidance on noncitizen customers looking to borrow.