March 1, 2023 – An increasing number of cyberattacks have given cause for concern throughout the EU that financial entities are subject to systemic and concentration risk owing to the interconnectivity of the financial markets. To address these concerns, the European Commission, the European Council Presidency, and the European Parliament collaborated to build a framework for financial institutions and service providers. DORA is an act like no other. It will force financial entities to take operational resiliency and business continuity seriously and understand operational discontinuity down to the customer level and throughout the ICT service model.

This Impact Report is designed to guide CISOs and those responsible for operational resilience to plan accordingly to the requirements and deadlines of DORA. This report is based on Aite-Novarica Group’s analysis of the 258 pages of the Digital Operational Resilience Act (DORA) published in the Official Journal of the European Union as Regulation (EU) 2022/2554. The analysis focused on specific requirements that financial entities should address before the 2025 deadline.

Clients of Aite-Novarica Group’s Cybersecurity service can download this report.

This report mentions the Basel Committee, BNP Paribas, European Union Agency for Cybersecurity (ENISA), European Commission, European Parliament, European Systemic Risk Board (ESRB), Financial Conduct Authority (FCA), International Consortium for Organizational Resilience (ICOR), ION, International Organization for Standardization (ISO), and Prudential Regulatory Authority (PRA).