Skip to main content Skip to footer
Cyber Resilient Business

Digital Operational Resilience Act (DORA)

May 2022

Minimising risks for financial services organisations

  • The European regulatory context is widening and becoming more complex every day.
  • Digital Operations Resilience Act (DORA) aims to consistently target digital risks for all financial entities and ensure operational resilience against cyber-attacks. It will establish harmonised regulations of existing rules on managing Information and Communications Technology (ICT) governance, risks and incident reporting.
  • DORA will come into force as new regulation at European level and must be applied in a consistent manner in all EU countries and will equally apply to non-EU companies operating in mainland Europe.
  • Accenture will support clients on the organisational as well as the technical implementation of DORA.

Making digital financial systems more secure

The Digital Operations Resilience Act (DORA) is a new European Union (EU) legislation which aims to improve standards within the financial services sector by harmonising existing rules on managing ICT, governance, ICT risks and incident reporting for all financial institutions. The ultimate goal is to ensure operational resilience against ICT risks such as cyber attacks.

It affects all organisations operating in the sector, including “critical” third-party service providers (such as providers of cloud computing services, software, data analytics, market benchmarks and data centres).

DORA was formally approved by the EU parliament the 10th of November 2022 and must be enforced 24 months after the date of its publication.

Key six components of the Act are:

1

ICT Governance: Update existing rules on ICT governance to align respective business strategies.

2

ICT Risk Management: Key requirements and principles on ICT risk management.

3

ICT Incident Reporting: Monitoring and reporting of ICT-related incidents.

4

Digital Operational Resilience Testing: Regular performance of enhanced operational resilience tests.

5

ICT Third-Party Management: Active management of ICT third-party risk and the contract design.

6

Reporting to Authorities: Compliance with the regulation will be ensured by respective authorities.

Accenture will be supporting our clients on the organisational as well as the technical implementation of DORA against the six key components.

About the Authors

Fabio Colombo

Managing Director – Accenture Security, Financial Services Lead

Marco Valsecchi

Managing Director, Accenture Security

Luca Ticchiati

Security Consulting Manager, Accenture

Nicasio Muscia

Accenture Managing Director

Anna Martina Minotti

Accenture Senior Manager

Meet our lead

Martin Sværen

Nordic Security Financial Services Lead
LinkedIn

Related capabilities

Managed security

Helping clients rapidly scale security and compliance operations through innovative technology, as-a-Service capabilities and cybersecurity services.

Cyber defence

Helping clients achieve a resilient cyber defence posture to continue operating their businesses regardless of the cyber threats they face.

Applied cybersecurity

Protect the business as it transforms—applying zero trust principles to secure the entire digital core.