Impact of the Digital Operational Resilience Act (DORA) on business and cloud providers

The European Union's Digital Operational Resilience Act (DORA) is a regulation crafted to develop a thorough information communication technology (ICT) risk management framework for the financial sector within the EU. Coming into effect on January 17th, 2025, DORA intends to unify ICT risk management protocols across the EU, mandating that all financial entities and their essential third-party providers establish robust ICT systems. The regulation aims to address the formerly fragmented ICT risk management scenario by introducing uniform technical standards, whereby enhancing the operational resilience of the EU financial sector. DORA establishes a comprehensive framework for ICT risk management in the EU financial sector and is structured around five key pillars:

1.     ICT risk management and governance mandates that the management body of a financial entity defines, approves, oversees and ensures the implementation of ICT risk management frameworks. This requires senior management a…