The Digital Operational Resilience Act (DORA) is a European Union regulation that came into force on 16 January 2023.

This regulatory measure was created with the objective of ensuring that companies in the financial sector are able to resist and respond effectively to any technological disruptions or cyberattacks, thus safeguarding business continuity and market stability.

DORA represents a milestone in the regulation of digital resilience, imposing common standards at European level to manage IT risks and protect consumers.

‍

What is DORA?

DORA focuses on the digital operational resilience of financial organizations and their essential service providers.

The regulation introduces specific requirements for:

• Managing technological risks: companies must adopt procedures to identify, prevent and mitigate cyberattacks.
• Monitoring critical suppliers: particular attention is paid to IT services, such as those offered by cloud computing providers.
• Operational resilience tests: companies are required to subject their systems to regular tests to verify their ability to withstand cyber incidents.
• Incident response: it is required to implement uniform protocols to respond to technological crises and coordinate with the competent authorities.
• Standardization: DORA promotes the adoption of common standards to promote cooperation between industry actors and supervisory authorities.


The regulation applies to a wide range of entities, including banks, insurance companies, payment institutions, fund managers and IT infrastructure providers.

The main purpose is to create a robust financial ecosystem, able to face the challenges of an increasingly complex digital landscape.

The DORA is not only a regulatory measure, but a guide to greater digital security for all parties involved.