The EU Regulation on Digital Operational Resilience for the Financial Sector: Applicability & Compliance Guidance for ICT Service Providers

February 2025

Abstract

The European Union (‘EU’) Regulation on Digital Operational Resilience for the Financial Sector EU 2022/2554 (‘DORA’), the new cybersecurity framework for the entire financial sector of EU along with its extensive Information and Communication Technology (‘ICT’) supply chain systems, has come into effect from January 17, 2025. This article will assess the applicability and impact of the DORA regulations for ICT third-party supply chain vendors (with special emphasis on applicability and compliance for IT vendors and cloud service providers) of EU based financial institutions. It will specifically cover the following key areas: a. Applicability of DORA to third party ICT third party services providers (including IT vendors and cloud service providers) of the financial sector; b. Key compliances under DORA for ICT third party service providers; c. Steps for translating DORA requirements into enforceable contractual requirements for ICT third party service providers; d. Risks/penalties for non-compliance; and e. Recent regulatory developments related to DORA compliance.

The Role (and Ethics) of General Counsels: Guardians of Justice and Values In an era of increasing regulatory pressure, the European Union's Corporate Sustainability Reporting Directive (CSRD) is a key step...Read more

Alfonso Levote

General Counsel & Investor Relations, Rosetti Marino S.p.A., Italy

UK Economic Crime and Corporate Transparency Act 2023 - Failure to prevent fraud: Storm in a tea cup?

The Failure to Prevent Fraud offence contained within the UK Economic Crime and Corporate Transparency Act 2023 (ECCTA) finally comes into effect on 1 September 2025 following the release of...Read more

Steve Holt

Partner, Grant Thornton UK, UK

Oishi Ghosh

Forensic Investigation Services Manager, Grant Thornton UK, UK

Ollie Haselden

Assistant Manager within the Forensics and Investigations department, Grant Thornton UK, UK

Compliance Programs: Step-by-Step Guide to Building and Scaling Effective Programs from Start-Ups to Large Enterprises

Business operates in a world of risks including geopolitical, regulatory, environmental, and macroeconomic. Many of these risks cannot be controlled. On the other hand, “conduct based risk”, or risks stemming...Read more

Gunnar Wieboldt

Former SVP, General Counsel, Vestaron Corporation, USA

The Importance of Compliance Programs

The interest in the proposed topic arose from the need to discuss the social and economic changes brought about by the concept of compliance and the Brazilian Anti-Corruption Law. We...Read more

Cristina Leite

Procurement Risk & Compliance Senior Consultant, Hydro, Brazil

Thaíssa Felguerias

Senior Compliance Specialist, Hydro, Brazil

The EU Regulation on Digital Operational Resilience for the Financial Sector: Applicability & Compliance Guidance for ICT Service Providers

Abstract

Author

Company

Hewlett Packard Enterprise

Related Papers