This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
| 1 minute read

Hidden dangers in the DORA technical standards

There are pitfalls for the unwary in the EU’s Digital Operational Resilience Act.

DORA opens up new regulatory risks for financial services firms as they prepare to withstand IT issues. The law starts to apply in January 2025. New draft rules shine a light on how tricky full compliance is going to be.

The European Supervisory Authorities are consulting on regulatory and implementing technical standards. These RTS and ITS add a lot more detail to the “Level 1” DORA. The consultation closes soon: the deadline for feedback is 11 September 2023.

In a recent webinar, Linklaters lawyers Michael Leicht, Catherine Freichel and Raza Naeem walked through the draft technical standards. They highlighted things to look out for in the RTS and ITS, both for financial services and firms providing ICT services to the financial sector.

These technical standards:

  • Amplify the Level 1 DORA requirements in some important areas, such as firms' ICT risk management framework and register of information for ICT contracts
  • Are generally more prescriptive than what applies today under existing legislation and guidelines
  • Require firms to consider the gap between what they already do today and what they will need to do under DORA
  • Will be finalised early next year, with more RTS and ITS to follow in summer 2024, meaning that firms must be ready to adapt their implementation of DORA in response

Subscribers to the Linklaters knowledge portal can access the slides from the webinar. Get in touch with us if you would like to discuss what DORA means for your business.


eu, fintech, operational resilience, dora