The Digital Operational Resilience Act (DORA) is the European Union’s new regulation designed to strengthen the financial sector’s resilience against cybersecurity risks and ICT (Information and Communication Technology) failures. By 17th January 2025, financial entities across the EU must be fully compliant, with an additional deadline of 30th April 2025 to register ICT service providers. But what does this mean for your business, and is it relevant to the UK?

What Is DORA in Compliance?
DORA focuses on ensuring that financial institutions can continue their operations, even in the face of major ICT-related disruptions. It covers banks, investment firms, insurance companies, and other financial entities that rely heavily on digital systems.
The regulation establishes a framework to:
- Identify and manage ICT risks.
- Test operational resilience.
- Establish incident reporting requirements.
- Monitor third-party ICT providers.
- Maintain strong governance practices.
By doing this, the EU aims to reduce cyber threats and ensure financial stability in a digital age.
Is DORA Applicable to the UK?
While DORA is an EU regulation, UK businesses with ties to the EU will likely need to comply. For example, if your organisation provides services to EU-based financial entities or operates in multiple jurisdictions, DORA compliance will apply. Post-Brexit, the UK has its own regulatory frameworks, but they often align with EU standards to maintain global competitiveness. UK businesses should stay informed and assess whether they need to align with DORA’s requirements.
What Are the 4 Pillars of DORA?
DORA’s framework is built around four key pillars:
- ICT Risk Management: Financial institutions must identify, assess, and mitigate risks associated with their ICT systems. This includes having a strategy for backups, recovery, and security updates.
- Operational Resilience Testing: Regular tests must be conducted to ensure systems can withstand disruptions, whether caused by cyber-attacks, system failures, or natural disasters.
- Incident Reporting: Firms must report significant ICT-related incidents promptly. This ensures that the regulator and other stakeholders are aware of risks and can respond effectively.
- Third-Party ICT Risk Management: Businesses must monitor the ICT providers they rely on, ensuring these suppliers adhere to similar operational resilience standards. This is critical for firms using cloud services, data centres, or external software providers.
What Is the Difference Between DORA and GDPR?
Both DORA and the General Data Protection Regulation (GDPR) aim to strengthen organisational practices in the digital age, but they focus on different areas:
- GDPR: Primarily targets data protection and privacy, ensuring individuals’ personal data is handled correctly and securely.
- DORA: Focuses on operational resilience, ensuring financial institutions can function effectively even during ICT disruptions.
While GDPR applies to a broader range of organisations, DORA is specifically targeted at the financial sector and its ICT systems. Both require organisations to adopt a proactive approach to compliance, but DORA leans heavily on the reliability of technology and processes.
How Can Leysen Help?
At Leysen, we specialise in supporting businesses with their digital transformation and compliance needs. Our expertise in cybersecurity, ICT risk management, and operational resilience can help you prepare for DORA deadlines. Our services include:
- Risk assessments for ICT systems.
- Governance framework design.
- Guidance on working with third-party ICT providers.
With these in place, we’ll ensure your business remains resilient and compliant. Visit our Compliance Services page for more information.
Key Deadlines to Remember
- 17th January 2025: Deadline for DORA compliance.
- 30th April 2025: ICT service providers must be registered with relevant authorities.
Don’t leave compliance to the last minute. The sooner you act, the better prepared your business will be to meet these critical requirements.

Final Thoughts
DORA represents a significant shift in how financial institutions manage digital risks. By adopting its principles, businesses can not only meet regulatory requirements but also build trust with their clients. If you’re unsure where to start, reach out to Leysen. Our team is here to guide you every step of the way.
Take Action Today
Ready to ensure your business is DORA-compliant? Contact us at Leysen today to schedule a consultation. Let us help you navigate the complexities of ICT risk management and operational resilience. Visit our Contact Us page or call us directly to get started!