man in a office room meeting

Time for action

 Is your organisation DORA-ready?

Rita Machado, Senior Consultant, Consulting and Ashwariya Rastogi, Consultant, Consulting
17/01/2025
man in a office room meeting

The EU’s Digital Operational Resilience Act (DORA) was passed on 16 January 2023, to strengthen the information and communication technology (ICT) security of financial entities, including their providers of ICT services. Organisations need to comply with the requirements from 17 January 2025.

Many UK-based financial entities recognised they are impacted by DORA as providers of ICT services as part of a group structure and made the necessary preparations.

Having reached the implementation date, it is crucial for organisations to assess their readiness, transitioning the activities to business as usual (BAU) and identify critical areas for improvement. DORA's implementation and on-going compliance has been a significant undertaking for financial entities in the EU and for those in-scope in the UK. By proactively considering the level of readiness to comply with DORA, organisations will be enhancing their digital operational resilience leading to greater trust with customers and improved competitive advantage.

The checklist serves as an evaluation of the level of readiness for DORA. An additional important part of the readiness level is the consideration of the EU technical standards issued during 2024 to guide the implementation.

From a UK perspective, there are some important parallels. For example, it was interesting that the Prudential Regulation Authority’s (PRA) “Insurance Supervision: 2025 priorities” published earlier this month significantly emphasises the expected commitment to operational resilience, cyber security, and third-party risk management, aligning closely with the key areas highlighted by EU’s DORA.

But UK regulators seem to be going one step further and the PRA will be consulting with the FCA in the second half of 2025 on policy relating to the management of ICT and cyber risks – so a UK version of DORA could be expected to follow. As a result, UK organisations that have already addressed the requirements of DORA in a practical, pragmatic way, may well find themselves ahead of the game from a regulatory perspective.

Table-DORA insight 

How can Crowe help?

Crowe's experience in DORA, operational resilience, and supplier risk management-combined with our pragmatic and progressive ethos-empowers organisations to address all aspects of resilience. Our holistic approach helps organisations navigate complex challenges and unlock significant value.

With the implementation deadline now passed, it’s essential for organisations to review their compliance, embed activities into BAU, and address any key areas for improvement.

Our Consulting team takes a pragmatic approach to simplify the complexities of DORA, helping you meet its requirements in a practical and proportionate way that strengthens resilience.

Ready to take DORA maturity to the next level? Contact Justin Elks for a consultation to explore how we can help you optimise your resilience journey.

Contact us

Justin Elks
Justin Elks
Partner, Head of Consulting
London