Skip to content
Your DORA Explorer

A Practical Guide to Digital Operational Resilience Regulation for Technology Leaders

Digital Operational Resilience regulations are coming. Get your guide.

UK and EU regulators are concerned that spiralling technological complexity in financial services industries poses a systemic risk to the financial system. If a major bank were to experience an outage like Facebook's in 2021, it could have wide-ranging consequences. 

To combat this risk, from March 2022, regulated firms will be required to comply with new FCA regulations in the UK. Following hot on its heels is the EU’s Digital Operational Resilience Act (DORA).

Firms will now have to ensure the resilience of their Important Business Services and the availability  of these services to end-users. This requires a more holistic, top-down approach to technology resilience and will require technology leaders to implement new resilience solutions. 

Download your guide now for practical guidance on how to meet new regulatory demands and build greater continuous resilience.

Getting ready for DORA

Firms will be expected to comply with DORA by Q4 2024.

There are 5 key pillars to DORA:

  • ICT risk management
  • ICT incident reporting
  • Digital Operational Resilience testing
  • ICT third-party risk management
  • Information and intelligence sharing.

Crucially, it will bring Critical Technology Service Providers (TSP) under the supervision of the European Supervisory Authority (ESA). Regulators will have the power to request regulated firms to end their arrangement with the TSP if issues are found.

This means regulated firms must have strong governance and resilience processes for the entirety of their complex hybrid IT environment. 

Learn more about governance

FCA and PRA regulations

By March 31st 2022, regulated firms must have:

  • identified their important business services
  • set impact tolerances for the maximum tolerable disruption
  • carried out mapping and testing to a level of sophistication necessary to do set impact tolerances
  • identified any vulnerabilities in their operational resilience. 

As soon as possible after this, and no later than 31 March 2025, firms should operate within these impact tolerances and be prepared to demonstrate their processes in writing to the regulator.

The countdown to compliance is on. Are you ready? A Resilience Readiness Assessment can help to identify areas for improvement and get you on track to comply.


Arrange a readiness assessment