On January 17, 2025, the Digital Operational Resilience Act (DORA) will enter into force in the EU. Operational resilience is a company’s ability to recover from an unexpected event, which in the case of the DORA means digital events – like cyberattacks.

The DORA regulation applies to all financial firms in EU member states and aims to increase the financial sector’s ability to respond to ICT incidents. This is beneficial for customers who will have more protection from underprepared financial firms.

However, it does come with additional burdens for financial businesses. Since the DORA doesn’t go into effect until 2025, the finance industry has time to understand its obligations under this act and ensure it’s prepared, starting now.

What does the DORA require?

The DORA regulation encompasses five areas: risk management, incident reporting, third-party risk management, digital operational resilience testing, and information sharing among supply chains.

At its core, the DORA requires financial companies to report cybersecurity incidents quickly and effectively. They must respond to requests from regulators and customers and have visibility into their vendors and supply chains, including any cybersecurity incidents that arise there. They must also have comprehensive communication channels with everyone in their digital ecosystem.

I don’t work for a finance company – why should I care?

If you interact with, use, or supply services to financial institutions, you need to understand the DORA. With its focus on information sharing and visibility, you may be called on to provide information or be informed of incidents as they happen.

I’m not in the EU – do I need to prepare?

If you interact with, use the services of, or supply services to financial institutions in the EU, you still need to understand the DORA and its implications. This includes U.S. organizations.

How should I prepare?

While the DORA doesn’t come into effect for another two years, financial institutions must understand and analyze their current resilience and communication plans to decide where they still need to improve.

Immersive Labs has created two new Crisis Sim scenarios to help with this preliminary awareness stage.

The first can be played by your entire workforce to increase their knowledge of the DORA and its implications. The second is to raise awareness in executives regarding areas needing improvement. Used together, these two scenarios provide a preliminary health check across your organization on readiness for the DORA. You can then build on these results to prepare further.

Don’t delay! Get started on these scenarios now in the Immersive Labs Cyber Crisis Simulator and take the first steps towards understanding your organizational readiness for the DORA.



April 25, 2023


Charlotte Ball

Content Researcher