The Digital Operational Resilience Act harmonizes the rules relating to operational resilience for the financial sector applying to 20 different types of financial entities and ICT third-party service providers, covering an estimated 22,000 organizations across the European Union.
DORA aims to strengthen the IT security of financial entities such as banks, insurance companies, and investment firms to make sure the financial sector in Europe is resilient in the face of the growing volume and severity of cyber-attacks. The new regulation requires financial entities, and their critical ICT suppliers, to implement contractual, organizational, and technical measures to improve the level of digital operational resilience of the sector.
DORA entered into force on 16 January 2023 and will apply to all 27 EU member states as of 17 January 2025.
DORA is structured around five key pillars, each designed to address distinct aspects of financial services digital operational resilience.
DORA applies to a broad range of financial service providers, including banks, credit institutions, payment institutions, e-money institutions, investment firms, and crypto-asset service providers, among others. Importantly, DORA defines critical ICT services provided to financial institutions. If an organization is a provider of critical ICT services to a financial institution, it will be subject to direct regulatory oversight under the DORA framework. That includes, for example, cloud platforms and data analytics services, even if they are based outside the EU.
DORA is an EU Regulation, which means that it is the law in the EU as of 17 January 2025. Unlike an EU Directive, DORA does not have to be translated into each EU member state’s national legislation. Failure to comply with DORA comes with strict penalties:
Explore solutions for DORA compliance in the financial sector, covering information and communication technology (ICT) risk management, incident reporting, and more.
Thales’ solutions can help Financial Institutions and third-party ICT providers comply with DORA by simplifying compliance and automating security reducing the burden on security and compliance teams. We help address essential cybersecurity risk-management requirements under articles 8, 9, 10, 11, 19 and 28 of the regulation, covering ICT Risk Management and Governance, Incident Reporting, and ICT Third Party Risk Management.
We provide comprehensive cyber security solutions in three key areas of cybersecurity: Application Security, Data Security, and Identity & Access Management.
NIS2 Compliance Solutions
Protect applications and APIs at scale in the cloud, on-premises, or in a hybrid model. Our market leading product suite includes Web Application Firewall (WAF), protection against Distributed Denial of Service (DDoS) and malicious BOT attacks, security for APIs, a secure Content Delivery Network (CDN), and Runtime Application Self-Protection (RASP).
Discover and classify sensitive data across hybrid IT and automatically protect it anywhere, whether at rest, in motion, or in use, using encryption tokenization and key management. Thales solutions also identify, evaluate, and prioritize potential risks for accurate risk assessment as well as identify anomalous behavior, and monitor activity to verify compliance, allowing organizations to prioritize where to spend their efforts.
Provide seamless, secure and trusted access to applications and digital services for customers, employees and partners. Our solutions limit the access of internal and external users based on their roles and context with granular access policies and Multi-Factor Authentication that help ensure that the right user is granted access to the right resource at the right time.
Application Security
Data Security
Identity & Access Management
Data Security
Data Security
Identity & Access Management
Data Security
Identity & Access Management
