DORA - the deadline has passed, what do you need to know?

Overview

The EU Digital Operational Resilience Act (DORA) is now in force and applies to a very wide range of financial institutions and other regulated financial services providers with EU operations.

Amongst the requirements that need to be met, as of the 17 January 2025, regulators will expect that regulated entities have:

• adjusted their ICT risk management frameworks, processes and controls,
• implemented new incident response and reporting requirements,
• ensured their contracts with ICT service providers have been updated to include mandatory DORA contractual provisions,
• completed a register of information of third party contracts, and
• navigated new requirements for monitoring the resilience of ICT supply chains.

Join us for this Q&A session during which our DORA leads will consider issues that have arisen along the journey to compliance for regulated entities, focusing on challenges around addressing DORA's third-party risk and contractual requirements. We will also give you the opportunity to discuss the questions most concerning to you.