Blog Post

Partner news
2 MIN READ

Empowering tomorrow with DORA today: prepare for January 17 security regulations

JillArmourMicrosoft's avatar
JillArmourMicrosoft
Icon for Community Manager rankCommunity Manager
Jan 27, 2025

The Digital Operational Resilience Act (DORA) went into effect on January 17, 2025. DORA is a set of financial services regulations passed by the European Union (EU) that impacts financial entities organized or operating in the EU, as well as technology companies that provide “information and communication technology (ICT) services” to them. Microsoft is dedicated to supporting our partners and customers in the EU and beyond as they navigate the complexities of these new regulations. 

As the financial sector becomes increasingly dependent on technology to operate, it has become clear that robust ICT risk management practices are implemented to ensure operational resiliency of critical infrastructure.  

DORA emphasizes the following key areas:  

  • ICT risk management: Institutions must implement advanced systems to identify, assess, and mitigate ICT risks.  
  • Incident reporting: Real-time incident management systems are required to notify regulators promptly.  
  • Resilience testing: Organizations must conduct regular testing to ensure digital infrastructures can withstand significant disruptions.  
  • Third-party oversight: Financial institutions must ensure robust governance of their critical ICT service providers.  
  • Regulatory Supervision: European Supervisory Authorities will designate ICT third-party services providers who are deemed “critical” to the financial services industry, based on data inputted from financial entities that use such third parties to serve critical important functions of their business operations, i.e., the critical backbone of the financial services industry. 

 

Microsoft is preparing for and expects to be designated as a critical third-party, sometime approximately in October 2025 or later. 
 

DORA also brings increased scrutiny from financial supervisory authorities and requirements for third-party ICT providers. 

Microsoft has developed the resources your organization needs to understand and meet these new mandates. Go to our DORA landing page to discover what DORA might mean for your organization, how you might get and remain compliant, and how to guide your financial services customers on their compliance journey.

Learn more about DORA

Updated Feb 06, 2025
Version 2.0
security
No CommentsBe the first to comment