Digital operational resilience

The growing digitalization of the financial industry brings a host of benefits, but also poses new challenges and risks.
The Digital Operational Resilience Act (DORA) aims to increase the digital resilience of companies to reflect the increasing importance of ICT systems. It is also designed to enable companies to respond quickly to potential threats.

In terms of content, the European regulation deals with the management of increasing dependencies and interdependencies within the financial sector, but also with service providers and infrastructures. It aims to bring ICT security and digital resilience more into focus as substantial components of operational risk. In the course of this, national requirements will be harmonized and the complexity of existing requirements reduced.


We have examined the regulation with regard to its addressees, potentially affected departments of financial companies, the implementation effort, the implementation timeframe, and pending delegated acts.

Audience: Banks, financial service providers, securities institutions, insurers, pension funds, capital management company, investment funds, third-party ICT service providers
Areas affected: Risk Management, Governance, Corporate Management, Outsourcing Management, Provider Management, Strategy, Regulatory Reporting, Information Security, Legal & Compliance, Process Management, IT Strategy & Governance, Emergency Management, Communication, Internal Audit, Test Management
Implementation effort: 🔴 high
Entry into force: 17.01.2023
Start of validity: 17.01.2025
Status of delegated acts: First delegated acts are planned for consultation by ESMA in Q2 2023, further in Q4 2023.

DORA addresses diverse topics and therefore touches many areas in financial companies. The list of institutions exempted from the regulation is short.


Bulletproofing Your Business

Use our checklist to see if you are already in compliance with DORA requirements to identify your need for action by 2025.

In our checklist we present the requirements of the DORA. It also includes an assessment of which requirements are already anchored in the same or a similar form by other regulatory requirements. Have we sparked your interest? Then take this opportunity to stay up to date on regulatory changes around IT security.

Get access to our free checklist.

DORA – A general overview

DORA – A general overview

The Digital Operational Resilience Act (hereinafter: DORA) has been discussed for quite some time. At the latest when the regulation is published at the end of December 2022, financial companies and third-party service providers will have to start implementing the requirements in time for the 2025 entry into force.

Talk to

Pia Streicher