The European regulation on digital operational resilience for the financial sector, also known as the “DORA Regulation” (Digital Operational Resilience Act), is a European Union initiative aimed at strengthening the digital resilience of financial sector players.
With the rise in cyber threats and attacks targeting critical infrastructure, DORA imposes strict obligations to secure information systems and guarantee the continuity of essential services. Support from a cybersecurity lawyer is becoming essential.
DORA entered into force on 16 January 2023, and the entities concerned had until 17 January 2025, the date from which it applies, to comply fully with its requirements. This period was intended to allow companies to review their internal policies, update their contracts, and ensure that all measures necessary for compliance are in place.
DORA is not merely a legal framework: it establishes standards that affect not only financial institutions but also their information and communication technology (ICT) service providers.
As a result, the companies concerned must not only comply with the technical requirements but also ensure that their contracts, internal practices, and security policies meet these new standards.
The DORA regulation seeks to ensure that financial sector players, as well as their ICT service providers, can prevent, withstand, and quickly recover from ICT incidents. This framework rests on four essential pillars, each imposing specific obligations: ICT risk management, the oversight of ICT third-party providers, the mandatory reporting of major ICT-related incidents to the authorities, and regular digital operational resilience testing.
Specialised legal support can help analyse each of these requirements in detail and ensure optimal compliance with the DORA regulation.
Achieving compliance with the DORA regulation requires a structured approach, and a lawyer can guide you through each step.
However, compliance with the DORA regulation is not limited to an initial implementation: it requires continuous monitoring and regular adjustments to stay in line with the requirements. This involves several essential actions.
First of all, it is necessary to monitor regulatory developments, as the DORA regulation is supplemented and clarified by delegated acts, such as the Regulatory Technical Standards (RTS) drafted by the European Supervisory Authorities and adopted by the Commission. A lawyer ensures that your company remains up to date on these changes.
Next, putting in place a monitoring plan is crucial in order to incorporate regular controls aimed at ensuring the compliance of processes, policies, and contracts.
Finally, you should prepare for external audits, which involves organising the required documents and effectively structuring responses to regulators’ questions.
Benefits of legal support for DORA compliance: Complying with the DORA regulation is a crucial step in protecting your company against cyber threats and ensuring the resilience of your digital operations. However, this compliance can be complex and may require specific skills. Engaging a lawyer offers several advantages:
The DORA regulation concerns highly technical and legal areas, in particular cybersecurity and ICT risk management. A lawyer trained in financial and digital regulation understands the specific challenges of the financial sector and can tailor their advice to your unique needs.
Proactive compliance with DORA is essential to avoid sanctions and ensure the continuity of your operations. Contact a lawyer for a tailored audit.
DORA (Digital Operational Resilience Act) is the European regulation that strengthens the digital operational resilience of the financial sector. Faced with cyber threats, it imposes strict obligations to secure information systems and guarantee the continuity of the essential services of financial players and their IT providers.
DORA entered into force on 16 January 2023 and applies from 17 January 2025, giving the entities concerned a transition period to comply fully. This period was intended to give them time to review their internal policies, update their contracts, and roll out the necessary compliance measures.
DORA rests on four pillars: ICT risk management, the oversight and supervision of ICT third-party providers, the mandatory reporting of major ICT-related incidents to the authorities, and regular digital operational resilience testing. Together, they aim to prevent, withstand, and recover from ICT incidents.
Yes. DORA targets not only financial institutions but also their ICT service providers. Financial entities must structure their contracts to ensure that their suppliers comply with DORA’s security and resilience standards. Providers are therefore directly impacted by this regulation.
Under Chapter II, financial entities must implement a robust ICT risk management framework to identify, assess, and manage risks related to information and communication technologies. Regular assessment makes it possible to detect vulnerabilities and define strategies to minimise them. DORA places the governance of this risk on the management body, which must define, approve, and oversee the framework.
Yes. Chapter III of DORA requires the reporting of major ICT-related incidents to the competent authorities within strict deadlines, to enable a swift and coordinated response: an initial notification within 4 hours of classifying the incident as major and no later than 24 hours after becoming aware of it, an intermediate report within 72 hours of the initial notification, and a final report within one month. Entities must therefore put in place effective detection, classification, and notification mechanisms to meet these reporting obligations.
Chapter IV of DORA requires regular tests to verify that information systems can withstand cyberattacks and major disruptions. For entities designated by their competent authority, this includes advanced threat-led penetration testing (TLPT) at least every three years. These exercises help strengthen the robustness of infrastructures and identify weaknesses before a real incident reveals them.
Because DORA is a cross-cutting undertaking, at the intersection of legal, IT, and compliance matters, with a heavy contractual dimension (bringing provider contracts into compliance). A cybersecurity lawyer analyses each requirement, structures the compliance programme, and secures contracts, so that compliance is achieved without exposing the company to regulatory risk.