{"id":193102,"date":"2025-02-19T06:30:00","date_gmt":"2025-02-19T05:30:00","guid":{"rendered":"https:\/\/liora.io\/en\/?p=193102"},"modified":"2026-02-06T07:49:01","modified_gmt":"2026-02-06T06:49:01","slug":"all-about-regulation-dora","status":"publish","type":"post","link":"https:\/\/liora.io\/en\/all-about-regulation-dora","title":{"rendered":"What is the Digital Operational Resilience Act?"},"content":{"rendered":"<p><b>The new DORA regulation is part of a European initiative aimed at enhancing the cybersecurity and operational resilience of companies engaged in financial activities. The European Union wants this initiative to be viewed more as an opportunity than a constraint.<\/b><\/p>\n<p><b>Resilience<\/b> is a popular term these days. Amid challenges that some might face, it is advisable to be resilient, meaning capable of absorbing disruptions and quickly recovering.<\/p>\n<p>What about companies? Isn&#8217;t it equally important for them to demonstrate resilience in the case of temporary IT malfunctions or even cyberattacks?<\/p>\n<p>It is agreed that this resilience capability becomes even more crucial when the IT at stake belongs to a bank or <a href=\"https:\/\/liora.io\/en\/cryptocurrency-trading-training-become-a-trading-expert-or-create-your-own-crypto\">a cryptocurrency provider<\/a>. 
The inability to access one\u2019s assets in <b>euros<\/b> as well as in <b>bitcoin<\/b> or <b>ethereum<\/b> can be a significant source of concern.<\/p>\n<p>In response to these challenges, the European Union has implemented DORA (Digital Operational Resilience Act), a regulation specifically aimed at ensuring <b>the continuity and security of financial activities<\/b>.<\/p>\n<h3>The Birth of DORA<\/h3>\n<p>At the end of September 2020, the European Commission published the <b>Digital Operational Resilience<\/b> project, a series of measures aimed at enhancing the digital efficiency of the financial sector.<\/p>\n<p>The goal was to unify European standards and requirements to <b>create a harmonized and comprehensive framework concerning the digital operational resilience of financial entities<\/b>. 
DORA aims to promote the quick detection of major IT incidents, rapid recovery, and analysis of the causes of disruption, alongside a mandatory reporting obligation.<\/p>\n<h3>Cyberattacks with Major Consequences<\/h3>\n<p><img decoding=\"async\" width=\"1000\" height=\"571\" src=\"https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-1.webp\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-1.webp 1000w, https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-1-300x171.webp 300w, https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-1-768x439.webp 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\"><\/p>\n<p>This regulatory framework was made necessary by the increasing risks posed by <b>the digital transformation of financial services<\/b> and the growing interconnection of networks. 
Numerous cyberattacks have had enormous consequences for renowned institutions.<\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\">In 2014, JP Morgan Chase, one of the largest banks in the USA, suffered a breach resulting in the compromise of over 80 million identities.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">Two years later, the hacking of the interbank messaging system <a href=\"https:\/\/www.swift.com\/fr\/swift-en-francais\">SWIFT<\/a> allowed the diversion of 81 million dollars from the central bank of Bangladesh.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">During the same year, 2016, Tesco Bank, a UK institution, was the victim of a cyberattack that affected 9,000 customer accounts and enabled hackers to steal about 2.5 million pounds sterling.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">In 2017, 140 million records from Equifax, one of the main American credit agencies, were hacked, providing access to social security numbers, birth dates, and other personal data.<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\">In 2019, a security breach of the American bank Capital One&#8217;s system allowed access to the personal data of about 100 million customers and credit card applicants.<\/li>\n<\/ul>\n<p>Most of these companies suffered reputational fallout from such cyberattacks, with public trust often damaged by the lack of a quick response.<\/p>\n<p>Such incidents made a strong case for the <b>establishment of rules<\/b> to ensure the safety and continuity of financial operations.<\/p>\n<p>The DORA regulation was adopted by the European Parliament on November 10, 2022, then by the EU Council, and subsequently published in the Official Journal.<\/p>\n<p>Since January 17, 2025, DORA has been in effect in all EU member states.<\/p>\n<h3>Who is 
Affected by DORA?<\/h3>\n<p><img decoding=\"async\" width=\"1000\" height=\"571\" src=\"https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-2.webp\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-2.webp 1000w, https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-2-300x171.webp 300w, https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-2-768x439.webp 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\"><\/p>\n<p>DORA applies specifically to the following entities:<\/p>\n<ul>\n<li>credit institutions;<\/li>\n<li>payment institutions;<\/li>\n<li>investment firms;<\/li>\n<li>providers of <a href=\"https:\/\/liora.io\/en\/cryptocurrency-trading-training-become-a-trading-expert-or-create-your-own-crypto\">crypto-asset related services<\/a>;<\/li>\n<li>insurance companies;<\/li>\n<li>third-party companies providing IT services for critical or important functions.<\/li>\n<\/ul>\n<p>It should be noted that the regulation introduces a <b>principle of proportionality<\/b>: some financial entities benefit from a simplified regime and may even be exempt from DORA. Factors such as a company&#8217;s size, functions, or business profile can expose it to digital disruptions of varying scale.<\/p>\n<h3>What Consequences for Financial Entities?<\/h3>\n<p>Most financial entities will need to implement changes to <b>comply with the DORA regulation<\/b>. First, they must assess their current situation against DORA&#8217;s expectations. They need to identify potential risks and also estimate acceptable disruption levels, especially from the users&#8217; perspective. After this assessment, they must bring their practices up to the appropriate level of maturity.<\/p>\n<p>The company must establish intrusion testing, <b>backup and restoration policies<\/b>. 
Once an incident occurs, it must be able to restore its systems and limit the overall impact. Subsequently, it needs to conduct a thorough review, determine causes, and implement appropriate remedies. Additionally, it must notify the competent authority of these incidents while following standardized reporting models.<\/p>\n<p><img decoding=\"async\" width=\"1000\" height=\"571\" src=\"https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-3.webp\" alt=\"\" loading=\"lazy\" srcset=\"https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-3.webp 1000w, https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-3-300x171.webp 300w, https:\/\/liora.io\/app\/uploads\/sites\/9\/2025\/01\/Regulation-DORA-Liora-3-768x439.webp 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\"><\/p>\n<h3>An Opportunity Rather Than an Obligation<\/h3>\n<p>DORA will typically involve an increase in <b>investments<\/b> and <b>IT resources<\/b>. However, the European Union wants to convey that this new regulation is not just an obligation. DORA is part of companies&#8217; evolution towards <b>digitization<\/b> and aims to assist in the <b>transition of European financial markets to the digital age<\/b>, to promote a robust market that users can trust.<\/p>\n<p>DORA starts from the premise that IT incidents, even if they seem unlikely at first glance, can occur and that it is necessary to be prepared to <b>ensure the continuity of critical activities and services<\/b>. The financial company that adjusts its operations will benefit from optimized IT risk management.<\/p>\n<p>Therefore, this regulation should be seen as an opportunity to differentiate oneself in the market. Even small-sized companies can benefit from establishing robust policies and testing procedures. 
In France, <b>the AMF<\/b> has called on financial sector players to actively prepare for such a transformation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The new DORA regulation is part of a European initiative aimed at enhancing the cybersecurity and operational resilience of companies engaged in financial activities. The European Union wants this initiative to be viewed more as an opportunity than a constraint. Resilience is a popular term these days. Amid challenges that some might face, it is [&hellip;]<\/p>\n","protected":false},"author":74,"featured_media":193104,"comment_status":"open","ping_status":"open","sticky":false,"template":"elementor_theme","format":"standard","meta":{"_acf_changed":false,"editor_notices":[],"footnotes":""},"categories":[2426],"class_list":["post-193102","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"acf":[],"_links":{"self":[{"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/posts\/193102","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/users\/74"}],"replies":[{"embeddable":true,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/comments?post=193102"}],"version-history":[{"count":5,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/posts\/193102\/revisions"}],"predecessor-version":[{"id":205598,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/posts\/193102\/revisions\/205598"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/media\/193104"}],"wp:attachment":[{"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/media?parent=193102"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\
/categories?post=193102"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}