The deadline for compliance with the European Union’s Digital Operational Resilience Act (DORA) is fast approaching, requiring financial sector businesses to act promptly to meet the requirements by 17th January 2025.

DORA is designed to strengthen the cybersecurity and operational resilience of financial organisations by establishing a unified regulatory framework across the EU. Here’s what you need to know to ensure your organisation is prepared before the deadline.

What Is DORA and Who Needs to Comply?

Although DORA officially came into effect on 16th January 2023, businesses were given a two-year transition period, ending 17th January 2025, to fully comply. This transition allows organisations time to evaluate and enhance their IT systems, processes, and third-party vendor relationships to meet DORA’s requirements.

While DORA is part of EU law, it does not apply to the UK (England, Scotland, Wales, or Northern Ireland). However, UK-based companies with European subsidiaries must ensure compliance for those operations. Additionally, central functions within UK-based companies that serve European entities, as well as IT service or software providers supplying European firms, must also comply.

DORA applies to a broad range of entities in the financial sector, including:

  • Banks
  • Investment firms
  • Insurance companies
  • Payment service providers
  • Cryptocurrency service providers
  • Third-party IT service providers

The Five Core Pillars of DORA

DORA introduces five key areas to build digital resilience across financial organisations:

  1. IT Risk Management
    Establish robust frameworks for identifying, managing, and mitigating IT-related risks.
  2. Incident Reporting
    Report major IT-related incidents to the relevant authorities promptly and accurately.
  3. Testing and Resilience
    Conduct regular testing to ensure IT systems remain operational during disruptions.
  4. Third-Party Risk Management
    Monitor and manage risks from third-party IT service providers through due diligence and contractual safeguards.
  5. Information Sharing
    Promote collaboration and share insights about cyber threats among financial institutions to bolster resilience.

Steps to Achieve DORA Compliance

Organisations should take the following actions to ensure compliance before the deadline:

  • Perform a Gap Analysis
    Assess your existing IT infrastructure and processes to identify areas requiring improvement.
  • Audit Third-Party Relationships
    Review contracts and risk management measures with third-party vendors to align with DORA standards.
  • Update Policies and Procedures
    Revise internal policies to reflect DORA-specific requirements.

Failure to comply with DORA could result in regulatory penalties, operational vulnerabilities, and reputational damage. In today’s financial world, where IT systems play a critical role, achieving resilience is not just a regulatory obligation – it’s also smart business.

How AJC Can Help

With the 17th January 2025 deadline looming, financial organisations must treat DORA compliance as a strategic priority. AJC offers expert assistance to help your organisation achieve compliance and maintain resilience in the face of evolving challenges.

AJC DORA Health Check

At AJC, we provide a tailored DORA Compliance Health Check to evaluate your organisation’s current status and deliver actionable recommendations for improvement. Our services also include ongoing compliance planning to ensure your organisation stays on track well beyond the initial assessment.

For more information about how AJC can support your preparation for DORA, click here.
