IT Brief UK - Technology news for CIOs & IT decision-makers

Digital resilience rules for ICT providers from 2025

Yesterday

The Digital Operational Resilience Act (DORA) will be implemented on 17 January 2025, affecting ICT providers connected to the financial services sector.

DORA seeks to enhance the digital resilience of financial entities by ensuring they remain operational despite technological disruptions or cyber incidents. This regulation not only targets financial institutions like banks, insurers, and payment firms but also applies to ICT providers who deliver essential digital services, even those situated outside the EU.

ICT providers offering services such as cloud hosting, data processing, software updates, or technical support will need to align with DORA by mid-2025. The European Supervisory Authorities (ESAs) will designate some ICT providers as "critical," imposing more stringent requirements for those playing a significant role in financial services.

Providers must ensure their contracts with financial institutions include clear service level agreements, transparency about data locations, procedures for incident management and communication, and rules for subcontracting and contract termination. These elements should be integrated into contracts in a manner that suits the specific services provided.

ICT businesses outside the EU are also advised to heed DORA. If clients operate within the EU or fall under its regulations, their compliance hinges on the ICT providers' adherence to DORA. Non-compliance could jeopardise partner relationships and damage reputations.

ICT providers are encouraged to review existing contracts for adherence to DORA's requirements, update contracts to fill any gaps, remain vigilant against requests that falsely claim to be necessary for compliance, and consult with experts to navigate compliance issues effectively.

Kay Yung, Senior Commercial Solicitor at Hybrid Legal, said, "Twenty-five years ago, as the world prepared for Y2K, we learned the value of being ready for technology challenges. DORA is today's reminder that being prepared is key. ICT providers need to take action now to ensure they're seen as reliable and trusted partners to the financial sector."

With DORA's implementation approaching, ICT providers must proactively address compliance requirements to maintain their role in the financial services ecosystem. Ensuring readiness will be essential to navigating this regulatory shift effectively.
