DORA Deadline is Here: No Ifs, No Buts – Are You Ready?

The Clock is Ticking: Compliance is Non-Negotiable

On December 4th, 2024, the European Supervisory Authorities (ESAs) issued their latest—and arguably most urgent—update on the Digital Operational Resilience Act (DORA). The message is crystal clear: DORA becomes law on January 17, 2025, with no transitional period, no exceptions, and no room for excuses. Financial entities and critical ICT third-party providers must be fully compliant from Day One.

This is not just another regulation; DORA is a game-changer for the financial sector. Institutions that fail to prepare face severe consequences, from regulatory penalties to reputational damage and operational disruption. The time to act is now.

DORA: A Fundamental Shift in Financial Sector Regulation

DORA is designed to ensure the digital operational resilience of the EU’s financial system, addressing escalating cyber threats and the growing reliance on complex ICT infrastructures. For senior executives, this is not just a compliance exercise—it’s a strategic imperative to protect your organisation, customers, and stakeholders.


Key mandates of DORA include:

  • ICT Risk Management: Establish comprehensive frameworks for identifying, assessing, and mitigating digital risks.
  • Incident Reporting: Develop robust systems to classify, report, and address major ICT-related incidents immediately.
  • Third-Party Oversight: Maintain registers of ICT third-party providers and their contractual arrangements, ready for submission to competent authorities in early 2025.
  • Supervised Critical ICT Providers: Prepare for enhanced oversight, with the first designations of critical ICT providers expected in H2 2025.


Unlike prior regulations, DORA leaves no wiggle room. Supervisory authorities are empowered to enforce compliance rigorously, with a risk-based approach tailored to your entity's size, complexity, and operational risk profile.

Why Financial Institutions Must Act Now

The ESAs’ December 4th statement underscores the imminence of DORA’s requirements and the urgency for institutions to close any gaps in their compliance strategies.
Here’s why this matters:

  1. No Grace Period: From January 17, 2025, DORA is enforceable law. Non-compliance is not an option.
  2. New Reporting Obligations: Registers of ICT third-party providers must be ready, and incident reporting frameworks operational, by the start of 2025.
  3. Severe Penalties for Non-Compliance: Financial and reputational damage await those who fail to meet the standards.
  4. Proactive Supervision: Supervisors are prioritising cyber resilience as part of their 2025 Union Strategic Supervisory Priorities.


For financial institutions, this is a moment of reckoning. Complacency is not an option; proactive action is the only path forward.


Your Compliance Journey: Support from ICTTF

Achieving DORA compliance requires expertise, tools, and actionable guidance. That’s where the ICTTF (International Cyber Threat Task Force) steps in, offering resources tailored to financial entities, including:

  • Specialist Training: Gain practical knowledge of DORA’s requirements through expert-led courses, such as those available at www.doratraining.eu and www.nis2professional.com.
  • Gap Analysis Tools: Leverage purpose-built tools like the DORA Gap Analysis spreadsheet to identify and address compliance deficiencies.
  • Expert Insights: Access workshops and masterclasses designed to align your organisation with the latest regulatory expectations.

ICTTF’s offerings are designed to empower financial institutions to turn compliance into an operational strength.

The EU Cyber Summit 2025: Your Roadmap to Resilience

If you’re looking for the definitive event to understand and prepare for DORA, the EU Cyber Summit 2025 is your destination. Taking place on January 16-17, 2025, this two-day summit incorporates the EU DORA Summit, offering unrivalled insights and practical guidance.

What to Expect:

  • Day 1: NIS2 Directive: Understand how NIS2 complements DORA and impacts your compliance framework.
  • Day 2: DORA Compliance in Action: Participate in workshops, panels, and case studies that break down DORA’s requirements and offer actionable strategies.
  • Certification Opportunities: Delegates can earn certifications like CNCP (Certified NIS2 Compliance Practitioner) and CDCP (Certified DORA Compliance Practitioner), demonstrating their expertise and commitment to resilience.

Visit www.eucybersummit.com to secure your spot and ensure your organisation is ready for January 17, 2025.