Common | May 27, 2024 ▪️​BANKING INSIGHTS

Understanding the Impact of the Upcoming DORA Regulation.

In today’s interconnected digital landscape, the resilience and security of online systems have become paramount. As the reliance on digital infrastructure grows, so does the need for robust regulations to ensure its stability. Enter the Digital Operational Resilience Act (DORA), a forthcoming regulation poised to revolutionize the way organizations approach digital resilience. In this article, we look into the key aspects of DORA and its potential implications for businesses across Europe and beyond.

Understanding DORA:

DORA aims to establish a comprehensive framework for the operational resilience of the financial sector, encompassing both digital and non-digital aspects. At its core, the regulation seeks to enhance the ability of financial entities to withstand and recover from operational disruptions, including cyberattacks, IT failures, and other incidents.

One of the central points of DORA is the principle of “same business, same risk, same rules,” which emphasizes consistent standards for operational resilience across all financial institutions. This uniformity is intended to foster a level playing field while bolstering the overall stability of the financial ecosystem.

Key Provisions:

DORA outlines a range of obligations and requirements for financial entities, with a particular focus on digital operational resilience. These provisions include:

Incident Reporting: Mandates timely reporting of significant cyber incidents to relevant authorities, enabling swift response and mitigation measures.

-Risk Management: Requires institutions to conduct regular risk assessments and implement appropriate risk management strategies to mitigate potential disruptions.

-Outsourcing Oversight: Introduces stringent requirements for the outsourcing of critical functions, ensuring that third-party service providers meet specified resilience standards.

-Testing and Exercises: Encourages the regular testing and simulation of operational scenarios to assess readiness and identify areas for improvement.

-Governance and Accountability: Emphasizes the importance of effective governance structures and clear accountability mechanisms to oversee and enforce compliance with DORA requirements.

Impact on Businesses:

The implementation of DORA is expected to have far-reaching implications for financial institutions, technology providers, and other stakeholders. While compliance may entail initial costs and operational changes, the long-term benefits are significant.

By fostering a culture of resilience and accountability, DORA can help organizations better anticipate, prepare for, and respond to operational disruptions. This, in turn, can enhance customer trust and confidence, safeguard financial stability, and ultimately contribute to the resilience of the broader economy.

Furthermore, DORA’s emphasis on digital resilience underscores the importance of robust cybersecurity measures in an era of escalating cyber threats. Financial entities will need to invest in advanced cybersecurity technologies and capabilities to fortify their defenses against evolving risks.


As the digital landscape continues to evolve, ensuring the resilience of financial systems is paramount. The Digital Operational Resilience Act represents a pivotal step towards achieving this goal, providing a comprehensive framework to enhance the operational resilience of the financial sector. By embracing DORA’s principles and requirements, organizations can strengthen their ability to withstand and recover from disruptions, ultimately fostering a more secure and resilient digital ecosystem for all.

In summary, while the road to compliance may pose challenges, the benefits of DORA are clear: a more resilient financial sector equipped to navigate the complexities of the digital age with confidence and stability.

By Francesco di Martino, Banking Consultant at Common Management Solutions