The Digital Operational Resilience Act, aka DORA

DORA is a European law intended to ensure that firms subject to it will be able to maintain operational capability in the event of disruptions caused by cyber security and information and communication technology (ICT) incidents. DORA is not a UK law, but it will likely have significant implications for many UK financial services businesses, and businesses in the unregulated sector. 

• What is DORA?  Why is being implemented? What concerns is it intended to address?
• What is the timeframe for its implementation?  How will the law be introduced? 
• What is the relationship between DORA and UK requirements, such as operational resilience and outsourcing/ critical third party controls? 
• What is the impact for UK financial services businesses?  Are there implications for non-FS businesses, such as third-party ICT providers? 
• What is a proportionate approach to assessing the impact of DORA and what measures should be taken to comply with it?