Today marks the date from which the Digital Operational Resilience Act (DORA, Regulation (EU) 2022/2554, applicable from 17 January 2025) is enforced, introducing a standardized framework to strengthen Information and Communication Technology (ICT) risk management across EU financial services and the ICT third-party providers that serve them.
In anticipation of this regulation, banks have restructured internal systems to bolster compliance, aiming to enhance resilience and secure personal data more effectively. Grant Harper, global lead for financial services at ITRS, highlighted the importance of DORA, emphasizing that operational resilience extends beyond regulatory obligations to safeguarding reputation and trust in a competitive financial landscape.
The evolving regulatory landscape poses significant challenges. Simon Treacy, senior associate for financial regulation at Linklaters, noted that firms must remain agile as European legislators finalize detailed rules on subcontracting ICT services and threat-led penetration testing. Pending guidance from the European Commission could prompt further adjustments to IT provider contracts and implementation strategies. Treacy underlined that DORA compliance is not a one-time initiative but a dynamic, ongoing process tailored to each organization’s operational environment.
The financial sector has already invested heavily in DORA preparations. Research from Rubrik Zero Labs reveals that nearly half of UK financial institutions spent over one million euros on compliance efforts, with ransomware cited as the top security threat. Carl Leonard, EMEA cybersecurity strategist at Proofpoint, stressed the need for continuous risk assessments and robust cyber hygiene, especially when adopting new technologies and AI-powered systems. As organizations navigate DORA’s demands, proactive risk management remains essential to maintaining resilience and a strong security posture.