EU DORA – Global Relay Intelligence & Practice

EU DORA

The Digital Operational Resilience Act (DORA for short) is intended to strengthen the IT security frameworks of financial entities and ensure that they remain resilient in the face of cybersecurity threats and in the event of severe operational disruption.

Rule Overview

Jurisdiction: European Union

Regulator: ESMA

Topic: Resilience

Overview

Notable

Further Reading

DORA rules cover:

ICT risk management
ICT third-party risk management
Digital operational resilience testing
ICT-related incidents
Information sharing on cyber threats
Oversight of critical third-party providers

DORA will apply to all relevant financial entities and third parties on 17 January 2025.

Notable

Regulation

DORA: More than meets the eye…

February 27, 2024

A look at how DORA will bring change in practical terms, including reach and extraterritoriality.

Trevor Dolan | Eversheds Sutherland5 min read

ESMA

DORA implementation firmly on track according to EU regulators

December 4, 2023

Remarks by Gerry Cross of the Central Bank of Ireland also highlight challenges and provide useful details.

Thomas Hyrkiel2 min read

Technology

Your DORA questions answered – Scope

March 21, 2024

The first of a series of six articles covering a practical session organised by Ashurst focuses on the scope of DORA.

Thomas Hyrkiel4 min read

Regulation

DORA: More than meets the eye…

ESMA

DORA implementation firmly on track according to EU regulators

Technology

Your DORA questions answered – Scope

Latest News More on DORA

GRIP Extra

GRIP Extra: CFPB drops Zelle suit, Barclays suffers 3-day IT outage

March 7, 2025

Other news includes assistance from the SEC for filers using EDGAR, a probe into Nvidia shipments to Malaysia and another bank reviewing its approach to DEI.

GRIP1 min read
Conferences and events

Privacy experts give advice on complying with DORA and NIS2

March 7, 2025

Adequate preparation, identifying what and who is critical, and, above all, "practice, practice, practice" highlighted.

Martina Lindberg, Jean Hurley3 min read
Podcasts

Podcast: Practice and procedure with GRIP – DORA implementation

March 3, 2025

DORA is a response to persistently elevated cyber threat levels, Jean and Thomas discuss how firms can achieve operational resilience.

Jean Hurley, Thomas Hyrkiel23 min listen
ESMA

ESAs make progress on critical ICT third-party oversight framework

February 24, 2025

ICT providers designated critical under DORA will get six weeks to challenge the designation.

Jean Hurley1 min read
Regulation

EBA narrows existing ICT guidelines

February 17, 2025

DORA ICT risk management requirements apply to financial entities in their place.

Thomas Hyrkiel1 min read
Security

Why tech, process and people are top of mind for CISO Laurence Lafond

January 28, 2025

In this second part of our discussion with Lafond, he refers to internal threats, side-channel attacks, vendor risks and having a well-equipped incident response plan and team.

Julie DiMauro10 min read
ESMA

DORA: Navigating the path ahead

January 27, 2025

With DORA now in effect, the EU’s financial sector is entering a new phase of operational resilience obligations, where firms must shift from preparation to action.

Nathaniel Lalone | Katten, Ciara McBrien | Katten5 min read
ESMA

Facing up to the challenge as the age of DORA dawns

January 17, 2025

The absence of a transitional period presents a challenge for firms and third parties.

Thomas Hyrkiel2 min read

Topics

Latest News

Herbert Smith Freehills hit with £465k fine for breaching Russian sanctions

Lethal drugs the focus of Annual Threat Assessment from US Intelligence

Increase in suspected insider trading, and more inspection revealed in Danish FSA report

Topics

Latest News

OCC ends reputational risk examinations

FCA’s ongoing service review leaves firms with further work to do

"UK must overcome its allergy to risk" – City reacts to new FCA strategy

Topics

Latest News

Crypto wrap: Ethereum's midlife crisis, Trump's stablecoin, FCA warning

Trump wants states to lead on response to cyber attack and severe weather threats

Celito Tech's Ravi Monangi and Ethan Grammer on compliant growth in life science

Topics

Latest News

GRIP Extra: SEC updates marketing rule FAQs, Swiss fine for Lara Warner

Podcast: Denis Jacob charts a path through regulatory uncertainty for healthcare

Experts discuss collaboration on AI regulation and the value of data

GRIP Extra: CFPB drops Zelle suit, Barclays suffers 3-day IT outage

Privacy experts give advice on complying with DORA and NIS2

Podcast: Practice and procedure with GRIP – DORA implementation

ESAs make progress on critical ICT third-party oversight framework

EBA narrows existing ICT guidelines

Why tech, process and people are top of mind for CISO Laurence Lafond

DORA: Navigating the path ahead

Facing up to the challenge as the age of DORA dawns