- Topics
- Regions
- Events
- Webcasts
- Resources
- CW Exclusives
- Membership
“For tracking litigation, enforcement, and regulatory developments, Compliance Week
should be your prime source.”- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
Experts say DORA compliance not coming easy as more firms pass buck to IT providers
By 
Neil Hodge2025-01-23T15:28:00
New rules have come into effect across the European Union to promote better cybersecurity and IT resilience across the financial services sector, but experts warn that compliance is likely to be patchy and regulatory enforcement across the bloc perhaps even patchier.
The EU’s Digital Operational Resilience Act (DORA), which went into effect Friday, aims to strengthen financial services firms’ defenses against–and responses to–potential cyberattacks so that the sector (and not just individual institutions) remains robust and intact.
The regulation sets rules on information and communication technology risk-management, incident reporting, operational resilience testing, risk monitoring of “critical” third-party IT suppliers, and information and intelligence sharing with regulators. It also makes boards directly responsible and accountable for proper implementation.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
PremiumTPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025
New rules that push IT firms providing “critical” services to the U.K.’s financial sector to share more data about cyberattacks and resiliency measures have been welcomed by industry experts. However, concerns remain over how suppliers will be classified and how key data might be gathered and shared.
-
PremiumDORA set to enhance cyber resilience requirements for EU financial firms
The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.
-
News BriefTrump gives TikTok 75-day reprieve after ban goes into effect
President Donald Trump signed an executive order Monday delaying the Department of Justice (DOJ) from enforcing the long-awaited TikTok ban. While the social media platform’s fate is still up in the air, Trump signaled his support for it being sold, with the U.S. as a “partner.”
More from Regulatory Policy
-
PremiumThe Rise, Fall, and Rise of Crypto: Lessons from FTX amidst a changing regulatory landscape
As President Trump assumes power, the crypto industry is in the spotlight. Trump has tapped popular crypto advocate Paul Atkins to lead the SEC, and crypto proponents feel positive about gaining fast-tracked guidance. Crypto experts and industry leaders share insights into what the industry needs from regulators to drive innovation. ...
-
News BriefFDA bans Red No. 3 dye after decades of concerns over possible health risks
The U.S. Food and Drug Administration announced Wednesday it has revoked authorization for color additive Red No. 3 from food, beverages, and drugs. Health concerns over dye have existed since it was banned from cosmetics in 1990 after it was found that large doses led to the development of cancer ...
-
News BriefNew CFPB payment privacy rule on the way for gaming companies, cryptocurrencies, Big Tech
The Consumer Financial Protection Bureau has issued a proposed rule aimed at protecting the privacy of the public when using novel digital payment systems, such as those offered by large technology platforms and video gaming companies.