DORA – The EU’s Digital Operational Resilience Act

Published 15 May 2024

Harmonising the digital operational requirements across the EU 


The European Commission has introduced DORA in the EU financial sector due to increased digitalisation, which has led to increased ICT risks, making financial systems more vulnerable to cyberthreats and ICT disruptions. 


DORA requires entities across the financial sector to be properly equipped to mitigate any circumstances that could compromise digital operational security in order to reduce business disruption and ensure business continuity. 


The aim of DORA is to harmonise the key digital operational requirements across the EU to avoid fragmentation of requirements in member states and to ensure legal certainty. In addition, DORA broadens the scope by including third-party ICT providers in the regulation. The regulation also incentivises the exchange of information about cyberthreats and ICT-related incidents across the sector to increase awareness of and timely response to cyberthreats. 



The regulation will apply to all covered entities from 17 January 2025.

The five pillars of DORA

When will DORA come into effect?

DORA will come into effect on 17 January 2025, with several milestones to be aware of.

Getting ready for DORA

What are the key drivers of success in the DORA programme? 


Watch the video snippet from our latest webinar, where we explored how to elevate DORA beyond being just a cost driver, turning it into a long-term efficiency driver AND a catalyst for growth.

DORA requirements and how we can help affected organisations

In summary, the DORA regulation is an opportunity to better manage and assess risk across your organisation and become more resilient to severe operational disruptions and cyberattacks. 

  • ICT risk management, information system policies and procedures and effectiveness monitoring. 
  • ICT risk analysis and assessment. 
  • Business continuity, backup management, BIA and disaster recovery. 
  • Supply chain security. 
  • Security in acquisition, development and maintenance. 
  • Digital operational resilience testing programme. 
  • ICT asset management and classification and access control. 
  • Incident response, crisis management, reporting. 
  • Training and awareness, governance and organisation. 
  • Threat landscape assessments, threat intelligence sharing.
  • Physical security.

Our expertise

We strive to co-create real value, making an impact on people and technology. 


We believe that documentation and reports are great, but not enough. That is why we choose to adopt a holistic focus throughout the process, helping to implement the right technical solutions and anchoring the change in the organisation for long-term benefit.

Guiding principles

Need some more guidance? 

Download our practical guide on how to navigate DORA.


Or reach out to our DORA experts