DORA Deadline: Comments From Forrester

Ahead of The Digital Operational Resilience Act (DORA) being enforced on 17th January, IE is sharing some comments from Forrester’s senior analyst Madelein van der Hout on why DORA is important, how prepared financial institutions are, the consequences of failing to comply, and the impact these regulations will have outside of the EU.

Here’s the word:

On the need for DORA:

From online banking to mobile payments, nearly every aspect of our financial lives relies on digital systems. This reliance has brought incredible convenience, but it also means that any disruption—whether due to cyberattacks, system failures, or operational incidents—can have severe consequences.

DORA provides the framework to ensure that financial entities have robust measures to withstand and recover from disruptions. By addressing vulnerabilities in this highly digitized ecosystem, DORA not only protects financial institutions but also safeguards the stability and well-being of the European society as a whole.

On the preparedness of financial institutions for DORA:

Financial institutions are at varying stages of preparedness for DORA as the compliance deadline approaches. While many organisations have made progress in adapting to the Act’s requirements, DORA represents a significant shift in how digital operational resilience is managed. It calls for a comprehensive review of the ICT landscape, enhanced incident management processes, updated internal policies and procedures, and ensuring that all third-party contractual arrangements meet DORA’s standards.

Compliance with DORA is non-negotiable, and regulators will expect tangible progress. Some institutions are ahead of the curve, leveraging their existing robust cybersecurity and risk management frameworks to align with DORA. Others are still in the process of addressing gaps and scaling up their efforts. Financial institutions must act with urgency to meet the expectations set by DORA and, ultimately, to protect the customers and communities they serve.

Consequences of failing to comply with DORA:

“Organisations that fail to comply with DORA by 17th January risk facing a range of significant and far-reaching consequences. Non-compliant organisations can incur fines up to 2% of their global annual turnover or €10 million—whichever is higher. Critical third-party ICT providers may face fines as high as €5 million. Organisations may also face 1% of their daily global turnover as a fine for each day of non-compliance.

“Furthermore, regulatory authorities can limit or suspend non-compliant organisations’ business activities until they achieve full compliance. In severe cases, non-compliance can result in a temporary suspension of operations, effectively halting business.

“There’s also reputational damage to consider. Violations of DORA can erode customer trust and investor confidence, leading to long-term financial consequences that go beyond fines. Compliance is not just about avoiding fines—it is an investment in long-term operational resilience and trust.

The impact of DORA outside of the EU:

“DORA will have a significant impact on companies outside the EU, particularly in North America and the Asia-Pacific (APAC) regions, even though it is an EU regulation.

The regulation will influence financial institutions operating in or with connections to the EU, requiring them to integrate DORA compliance with their local regulatory requirements. DORA also establishes a global benchmark for operational resilience in financial services. Companies in North America and APAC will likely align their practices with DORA to remain competitive, ensure interoperability with EU clients, and strengthen their operational resilience.”

About Alastair Walker: 20 years’ experience as a journalist and magazine editor. I'm your contact for press releases, events, news and commercial opportunities at Insurance-Edge.Net
