Navigating DORA: A Guide to the EU’s Digital Operational Resilience Act

November 3, 2024

In this episode, host Sylvain Kalache sits down with Laura Woo, founder of Dora Report, to explore one of the most significant regulatory shifts in the European financial sector—DORA, the Digital Operational Resilience Act. As financial institutions face increasing cyber threats and digital disruptions, DORA aims to ensure these organizations are prepared to respond, recover, and remain resilient.

Laura shares what DORA means for financial entities and critical third-party providers, the regulation’s core pillars, and how businesses can start preparing today. Whether you’re already navigating compliance or just learning about DORA, this episode is packed with actionable insights.

Key takeaways

1. DORA applies broadly across the EU financial ecosystem
Any financial institution operating in the EU, as well as their critical third-party providers, must comply with DORA—even if they are headquartered outside of the EU.

2. Five key pillars define DORA’s framework
DORA centers around ICT risk management, third-party risk oversight, incident reporting, digital resilience testing, and information sharing across the sector.

3. Incident reporting deadlines are strict and immediate
Firms must submit an initial incident notification within four hours of detection, followed by intermediate and final reports—requiring robust internal processes.

4. Penalties include financial and reputational risks
Non-compliance could lead to fines of up to 1% of average daily global turnover and public disclosure of violations, impacting trust and credibility.

5. Getting started means checking your scope and building processes now
Organizations should confirm whether DORA applies to them, identify critical third parties, build incident workflows, and engage with local regulators proactively.

Rootly's DORA Guide, which is mentioned in the podcast, can be found here.

Rootly is an AI-powered on-call and incident response platform, trusted by leading companies like NVIDIA, Squarespace, Canva, Figma, and more.