Digital Operational Resilience Act (DORA)
Ensure compliance, minimise risks
Optimum implementation of DORA
The EU-wide Digital Operational Resilience Act (DORA) strengthens the digital resilience of financial entities and introduces binding requirements for IT governance, ICT risk management and collaboration with third-party providers. Financial entities, including credit institutions, insurance companies and payment service providers, must adapt their internal systems and processes to these standards.
With us as your partner, you can meet the complex DORA requirements efficiently, minimise the risks that arise from non-compliance and at the same time benefit from specialised solutions tailored to the regulatory requirements.
This is how we can support you
We assess your current implementation status with regard to DORA and the sector-specific German supervisory requirements (BAIT/VAIT/KAIT/ZAIT).
- Carrying out a gap analysis to identify deviations from regulatory requirements
- Creation of a catalogue of measures to achieve compliance
- Review of existing IT strategies, governance structures and IT security processes
Together, we ensure your operational resilience in line with the comprehensive requirements of DORA and BAIT.
- Development of IT risk management guidelines
- Drafting and testing of emergency and recovery plans (disaster recovery, business continuity management)
- Documentation of the required measures, including testing and reporting obligations
We provide legal support in the drafting of IT outsourcing contracts and the management of third-party providers.
- Review and drafting of IT outsourcing contracts in accordance with DORA requirements and sector-specific specifications
- Assessment of third-party risks (third-party risk management)
- Ensuring that reporting obligations to BaFin are fulfilled in the event of ICT service provider failures or security incidents
We support you in implementing the DORA requirements for digital operational resilience.
- Implementation of an ICT risk management framework (incl. governance, protective measures and identification of ICT risks)
- Support with the introduction of reporting processes (e.g. reporting of ICT-related incidents to the competent authorities)
- Creation of test concepts for digital operational resilience testing of IT systems
Together, we ensure legally sound compliance with data protection law (GDPR) and IT security requirements.
- Review and creation of information security policies
- Advice on the legal obligation to report cyber attacks or IT failures (e.g. under DORA and BAIT)
- Support with the implementation of technical and organisational measures (TOMs)
We raise awareness of the regulatory requirements among your employees and managers, efficiently and with a practical focus.
- Training courses on IT compliance, delivered via e-learning or customised for you
- Workshops on the regulatory requirements of DORA, BAIT and their practical implementation
- Simulations and exercises on emergency response to ICT incidents
We are at your side during the preparation for and conduct of regulatory audits and support you as required.
- Support during audits by BaFin or external auditors
- Preparation of audit reports and supporting evidence
- Development of audit checklists to prepare for regulatory audits
We advise you proactively and help you prepare for upcoming regulatory requirements in good time.
- Monitoring and analysing regulatory developments at EU and national level
- Early strategy development for the implementation of new regulations
- Preparation of legal opinions on specific issues
DORA: what exactly is that?
The Digital Operational Resilience Act (DORA), Regulation (EU) 2022/2554, applies from 17 January 2025 and affects financial entities across the sector, including
- Credit, payment and e-money institutions
- Insurance companies and brokers
- Rating agencies
The regulation was drafted as a lex specialis that supplements existing national rules. Its aim is to safeguard the functioning of the financial system through increased resilience, particularly in view of the growing number of IT failures and cyber attacks that accompany advancing digitalisation.
Digital and operational resilience
The regulation aims to strengthen the resilience of financial entities to ICT risks and cyber attacks in a harmonised manner across the EU. This includes the establishment of comprehensive ICT risk management, comprising structured IT governance, the identification and assessment of ICT risks, and measures for protection and prevention, incident detection, response and recovery. DORA also requires regular digital operational resilience testing as well as backup procedures and communication processes to ensure a high level of security in the financial sector.
ICT third party risk
A key component of DORA is the management of risks arising from third-party ICT providers. The increasing outsourcing of ICT services to third-party providers creates dependencies that can increase the risk of operational disruption. DORA therefore sets out strict responsibilities and control rights for financial entities so that ICT service providers are subject to oversight comparable to that of internal departments. This includes meeting specific contractual requirements, even for non-critical functions, in order to minimise potential risks effectively.
Rely on our compliance experts for DORA implementation
With our expertise in regulatory requirements, IT compliance and risk management, we support you in implementing DORA and strengthen your resilience to ICT risks. Contact us to optimise your digital operational resilience.
Your personal contact
Matthias Schulz, Director Sales
- +49 40 257 660 967
- +49 40 257 660 919
- m.schulz@clarius.legal