women looking at a credit card

DORA: Impact on Financial Institutions and ICT Providers

The European Commission's legislation aims to create EU-wide laws to ensure the operational resilience of the financial services industry. 

The legislative proposal builds on existing Information and Communications Technology (ICT) risk management requirements established by various EU institutions and combines recent EU initiatives into a single Regulation. DORA entered into force on 16th January 2023 and will apply as of 17th January 2025.

DORA Regulation: What does this mean for organizations?

The DORA proposal was introduced as authorities around the world examined how they could improve the operational resilience of the financial sector and individual enterprises within it. The aim was to establish a consistent approach across Europe, across regulators, as well as within the financial services industry. In turn, this also has an impact on the Fintech-Bank collaboration.

This act subjects a wide range of Information and Communications Technology (ICT) enterprises that provide products and services to the finance industry under the regulatory authority of the EU. Its wide-ranging requirements have a significant operational impact on many businesses within the technology industry.

These businesses will be overseen by one of the European Supervisory Authorities (ESAs), who would have the authority to request information, perform off-site and on-site inspections, provide recommendations and requests, and, in certain cases, issue fines.

Who is affected by DORA regulation?

ICT Companies based in the EU or do business with a financial entity within the EU.

Financial Entities Information and Communications Technology (ICT) Service Providers
  • Payment solutions providers
  • Data storage solutions providers
  • Cloud providers / SaaS / Outsourcers
  • Software providers
  • Collaborative tools providers
  • Fraud management providers
  • Information management systems/ CRM solutions providers
  • Critical ISV and systems integration providers
  • Penetration testing providers
  • Governance, Risk Management and Compliance (GRC) / Risk management providers


What is the impact?

Financial Entities Information and Communications Technology (ICT) Service Providers

Financial entities must examine their partners' and third-party suppliers' policies and practices to ensure that they fulfill the new criteria.

Financial entities are responsible for ensuring that the ICT suppliers that they use have policies and processes in place to comply with the regulations.

ICTs must ensure that all policies and processes in place comply with the new regulations. Auditability is required for these rules and practices.

ICT providers will have to collaborate with financial entities to which they supply products and services.

ICT’s will be liable for the processes and policies they implement, as well as regulatory oversight.

DORA will have an impact on ALL financial entities and ICT enterprises in the EU that supply products and services to financial entities.

Organizations now need to plan for effective implementation in order to meet the deadline of 17th January 2025, when the DORA Act comes into force.

DORA's objective is to fortify the IT security of financial entities, encompassing banks, insurance companies, and investment firms. The goal is to ensure that the European financial sector maintains robust resilience in the face of significant operational disruptions.

Operational resilience is a well-established key strategic component in the financial services industry, as well as more broadly across information communications, and technology enterprises that provide services to financial services companies.

What are DORA’s Objectives?

The specific objectives of DORA are as follows:

  • Address ICT risks and strengthen digital resilience
  • Improve ICT incident reporting
  • Provide supervisors with access to ICT incident-related information
  • Ensure that preventive and resiliency measures are evaluated
  • Improve the process for testing results to be accepted across borders
  • Govern the monitoring of ICT third-party providers
  • Oversee key third-party ICT providers
  • Exchange threat intelligence.

Prepare For DORA

Operational resilience is not an option for financial institutions and ICT service providers. Although DORA primarily affects the financial industry, these regulations which are aimed at increasing cyber resilience, have significant impact on IT roles and tech companies. DORA explicitly states that financial entities must address “any reasonably identifiable" IT risks, including malicious events, that may impact enterprise networks. 

Organizations that demonstrate they've taken adequate precautions to address known cyber threats will be more accessible to investors and clients seeking to protect their assets and data. It gives those companies an immediate competitive advantage over those who delay change.

Other countries outside of the EU also need to consider this new regulation. Europe has been a regulation leader in many areas, such as data protection, privacy, and quality. Therefore, DORA also serves as a model for regulation in other regions of the world as digital operational resilience is scrutinized more.

Utimaco products provide compliant, flexible, and innovative cybersecurity solutions to organizations and critical infrastructures, delivering the reliability of an advanced and robust architecture in compliance with DORA's high operational resilience standards.

Take Strategic Action. Explore Utimaco's Critical Event Management solution for safeguarding both individuals and valuable business assets.



Verwandte Produkte

Verwandte Produkte

Wie können wir Ihnen helfen?

Sprechen Sie mit einem unserer Spezialisten und erfahren Sie, wie Utimaco Sie unterstützen kann.
Sie haben zwei verschiedene Arten von Downloads ausgewählt, so dass Sie verschiedene Formulare absenden müssen, die Sie über die beiden Tabs auswählen können.

Ihre Download-Sammlung:

    Direkt nach dem Absenden des Formulars erhalten Sie die Links zu den von Ihnen ausgewählten Downloads.

    Ihre Download-Sammlung:

      Für diese Art von Dokumenten muss Ihre E-Mail Adresse verifiziert werden. Sie erhalten die Links für die von Ihnen ausgewählten Downloads per E-Mail, nachdem Sie das unten stehende Formular abgeschickt haben.

      Downloads von Utimaco

      Besuchen Sie unseren Download-Bereich und wählen Sie aus: Broschüren, Datenblätter, White-Papers und vieles mehr. 

      Fast alle können Sie direkt ansehen und speichern (indem Sie auf den Download-Button klicken).

      Für einige Dokumente muss zunächst Ihre E-Mail-Adresse verifiziert werden. Der Button enthält dann ein E-Mail-Symbol.

      Download via e-mail


      Der Klick auf einen solchen Button öffnet ein Online-Formular, das Sie bitte ausfüllen und abschicken. Sie können mehrere Downloads dieser Art sammeln und die Links per E-Mail erhalten, indem Sie nur ein Formular für alle gewählten Downloads ausfüllen. Ihre aktuelle Sammlung ist leer.