Preparing for DORA – a new challenge for financial entities

22 December 2023

Preparations underway

The Digital Operational Resilience Act (DORA), establishes the European Union’s new regulatory framework for the management of digital risks in financial markets. You can get a PDF of the regulation from the EU commission website. It entered into force in January 2023 and must be applied by financial entities across the EU from 17 January 2025. Needless to say, with only a year left before the deadline to apply the regulation, time is tight for the financial entities preparing for DORA. More than 50 authorities, including national authorities, the European Central Bank and the European Union Agency for Cybersecurity (ENISA), work on the development of the policy products and regulatory technical standards mandated by the DORA. Moreover, businesses across the board are gearing up to support financial entities in implementing the provisions of the regulation.

Ambitious goals in a short timeline

DORA goes beyond the goal of achieving ICT risk management and information security. Instead, it aims to secure digital operational resilience over the entire financial ecosystem. Moreover, this regulation one comes with some hefty financial penalties. For example entities found to be in violation of the Act’s requirements may face fines of up to 2% of their total annual worldwide turnover. In the case of an individual, the maximum fine runs up to EUR 1,000,000. The amount of the fine will depend on the severity of the violation and the financial entity’s cooperation with authorities. DORA’s requirements focus on ensuring the existence of strategies, frameworks, and governing processes to achieve digital operational resilience. This is opposed to the requirements of the European Insurance and Occupational Pensions Authority – EIOPA ICT guidelines, which focus on specifying security controls addressing governing processes in broader terms. From this perspective, DORA is not a replacement for the ICT guidelines, but rather a complement to them.

Key challenges

DORA is a cross-sectoral regulation applying to more than 20 different types of financial entities. Moreover, it also applies to more than 40 competent authorities. Financial institutions preparing for DORA face 5 key challenges:

  • establishing a comprehensive ICT risk management framework:
  • establishing digital operational resilience strategy;
  • creating governance processes for classification and reporting of major ICT-related incidents;
  • living up to increased requirements on digital operational resilience testing;
  • managing third parties in their ICT supply chain.


How can CanaryBit’s Confidential Cloud help your organisation comply with DORA? Canary Bit’s solutions help solve legal and compliance challenges with state of the art cybersecurity technology. For example, the regulation text states in Article 9, paragraph 2 that financial entities shall design, procure and implement ICT security policies, procedures, protocols and tools that aim to ensure the resilience, continuity and availability of ICT systems, in particular for those supporting critical or important functions, and to maintain high standards of availability, authenticity, integrity and confidentiality of data, whether at rest, in use or in transit. Confidential Cloud is a comprehensive end-to-end data protection toolset for cloud infrastructure security and protection of digital assets throughout their lifecycle. This includes protection of data at rest, in transit, and most novel – in use.


DORA should not be construed as an information security act. Rather, it is a complementary act focused on strategies, frameworks, and governing processes.

Get Started!

Explore how Confidential Cloud helps to secure your cloud infrastructure, protect your data from any AI workload and in turn, enable new business.



CanaryBit joins NVIDIA Inception Program for secure AI

CanaryBit joins NVIDIA Inception Program for secure AI

The solutions developed by CanaryBit have since its inception aimed to provide end-to-end data protection and governance solutions for confidential and secure AI processing, enabling B2B collaborations and compliance with data protection regulations. Today, we are...

CanaryBit joins ABB ‘s innovation growth hub SynerLeap

CanaryBit joins ABB ‘s innovation growth hub SynerLeap

CanaryBit has become a member of Synerleap, ABB's innovation growth hub. Synerleap aims to create an ecosystem where ABB can utilize and enable technology companies to grow and expand on a global market in its business areas including industrial automation, robotics...