Last Updated on 17 July 2025 by mgm-marketing
The Digital Operational Resilience Act (DORA) has officially been in force since 17 January 2025. The regulation requires financial companies to meet comprehensive digital resilience requirements. However, while some market participants have implemented the requirements on time, many are still struggling with full implementation. Likewise, the tax authorities have not yet finalised the adjustments to their supervisory and administrative practices, nor the implementation of the IT processes and systems required in the context of DORA.
Where do financial service providers stand?
Although the two-year transition period seemed sufficient, it can be assumed that not all companies are already fully compliant. Smaller financial service providers and fintechs are facing particular challenges because they often lack the necessary human and technical resources. Large banks and insurers are also affected – especially when it comes to integrating third-party providers and adapting existing processes in risk management and the IT systems used.
The biggest challenges
- ICT risk management: Many companies are finding it difficult to assess and secure their IT infrastructures in accordance with the DORA requirements.
- Reporting requirements for cyber incidents: The new requirement to report ICT-related incidents within strict deadlines is posing organisational challenges for some companies.
- Resilience testing: Comprehensive stress tests on IT systems require specialised experts and resources that are not available everywhere.
- Third-party management: Financial companies must ensure that external IT service providers also meet DORA requirements – which is particularly complex for international providers.
Our solution: The DORA Readiness Check
To help companies identify and address outstanding requirements, we offer our DORA Readiness Check tool solution. This helps to systematically uncover remaining gaps in the implementation of DORA requirements and display them in a clear dashboard. In addition, we support companies in the final successful implementation of DORA-compliant guidelines. This not only ensures a high level of security with regard to regulatory audits, but also sustainably safeguards the operational resilience of the company.
Practical example: DORA compliance through structured policy alignment
A large pension fund was faced with the challenge of aligning its internal guidelines and policies with the new DORA regulations. Ensuring compliance in the areas of operational resilience, IT security and risk management for third-party providers was particularly critical.
Our experts supported the company with a targeted, practical approach: First, the existing guidelines were thoroughly analysed to identify gaps and optimisation potential. With the help of our DORA Readiness Check, the requirements not yet covered were identified. In the next step, we provided industry-specific model guidelines that served as the basis for a DORA-compliant revision. Finally, the basic coverage of the requirements in the revised documents was checked – with a particular focus on IT security strategies and provider management.
The result: the customer was not only able to ensure full regulatory compliance, but also to sustainably strengthen its risk management and information security processes. The clear structure of the new guidelines now facilitates ongoing handling of DORA requirements and provides long-term security for audits by regulatory authorities.
Consequences for non-compliant companies
Financial regulators have already announced that they will strictly monitor compliance with DORA requirements. Companies that have not caught up in time face severe penalties and regulatory action. Possible reputational damage is particularly critical if it becomes known that a company does not meet the new standards.
What companies should do now
For financial services providers that are not yet fully DORA-compliant, it is high time to close the gaps. This includes:
- Conducting a comprehensive gap analysis to identify outstanding requirements.
- Prioritising the most critical measures to at least meet the essential requirements as quickly as possible.
- Working closely with regulators and consultants to agree implementation plans and meet deadlines.
Conclusion
DORA is no longer a distant prospect – it is a reality. Organisations that are not yet compliant should act quickly to avoid regulatory consequences and strengthen their digital resilience. The next few months will be crucial to meeting the new standards and ensuring the trust of customers and regulators. With our DORA Readiness Check tool solution, we provide effective support to help financial services providers fully comply with the requirements in a secure and sustainable manner.
Contact us today to learn more about our solution and improve your DORA compliance. Efficient, secure and future-oriented!