Experts say DORA compliance not coming easy as more firms pass buck to IT providers
By 
Neil Hodge2025-01-23T15:28:00
New rules have come into effect across the European Union to promote better cybersecurity and IT resilience across the financial services sector, but experts warn that compliance is likely to be patchy and regulatory enforcement across the bloc perhaps even patchier.
The EU’s Digital Operational Resilience Act (DORA), which went into effect Friday, aims to strengthen financial services firms’ defenses against–and responses to–potential cyberattacks so that the sector (and not just individual institutions) remains robust and intact.
The regulation sets rules on information and communication technology risk-management, incident reporting, operational resilience testing, risk monitoring of “critical” third-party IT suppliers, and information and intelligence sharing with regulators. It also makes boards directly responsible and accountable for proper implementation.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumTPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and resiliency measures have been welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.
-
PremiumDORA set to enhance cyber resilience requirements for EU financial firms
The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.
-
News BriefTrickle of CFPB lawsuit dismissals poised to become a flood
The Consumer Financial Protection Bureau (CFPB) has quickly become one of the most active agencies advancing the Trump administration’s pullback on prosecuting corporations, as it dropped yet another consumer protection lawsuit against a financial services company Wednesday.
More from Regulatory Policy
-
PremiumUK’s deregulation drive raises compliance risk, say top lawyers
The United Kingdom’s latest effort to encourage regulators to pare down rules to attract companies and investment as a way to stimulate the economy has received mixed reviews from lawyers.
-
News BriefIs Google headed for a breakup? Second federal judge calls it a monopoly
A federal judge has ruled that Google “willfully engaged in a series of anticompetitive acts” in the advertising technology industry, the latest antitrust setback in what could become a string of losses for tech companies.
-
PremiumAI regulation: U.K. sits on regulatory fence between U.S. and E.U.
The U.K. has pressed pause on artificial intelligence regulation as its government comes under twin pressures from those who fear the growing power of unregulated AI and the overriding need to generate growth. The postponement of long-expected legislation means that the U.K. is left sitting on the fence between federal ...