DORA law tightens grip, banks and suppliers rush to meet EU regulations

Non-compliance with DORA could result in hefty fines for financial firms and their technology providers.
EU's DORA law highlights the growing need for cyber resilience in the financial sector, with strict new requirements for banks and suppliers.

Financial services firms across the European Union are preparing for new regulations under the Digital Operational Resilience Act (DORA). The law, which aims to enhance cybersecurity, will require banks and their technology suppliers to significantly strengthen their IT infrastructure by January 2025. The regulation mandates robust risk management, incident response, and resilience testing to ensure that financial institutions can withstand cyberattacks and other disruptions.

DORA’s scope extends beyond banks, placing stringent requirements on third-party technology providers. These suppliers must now undergo rigorous testing and reporting processes, as the regulation seeks to uncover dependencies within the digital supply chain. The new law represents a shift in focus towards the security of external tech partners, reflecting the growing reliance of financial institutions on digital services.

Non-compliance with DORA will result in severe penalties, with fines reaching up to 2% of global revenues for financial firms and 1% for IT providers. Individual managers could also face significant fines, further intensifying the pressure on firms to meet the new standards. Despite progress, many in the industry are concerned that not all companies will achieve full compliance by the deadline.

The European Union’s emphasis on cyber resilience highlights the evolving challenges faced by the financial sector. As banks and their suppliers scramble to meet the stringent requirements of DORA, the regulation underscores the critical importance of safeguarding digital infrastructure in an increasingly technology-dependent industry.