43% of UK Banks Unprepared for DORA Compliance: Data Centers & Cloud Providers Face New EU Regulations

As of January 17, 2025, the EU’s Digital Operational Resilience Act (DORA) is officially in action, significantly impacting the way financial institutions manage risk and resilience within their ICT systems. While the deadline for compliance was set for January 16, 2023, recent findings reveal that a substantial percentage of UK banks are still not ready to meet the stringent requirements of the regulation.

This article delves into the complexities of DORA’s implementation, focusing on the challenges financial organizations face, especially regarding third-party dependencies, such as data centers and cloud service providers.

The Digital Operational Resilience Act (DORA) was introduced to protect the financial services sector from increasing risks related to ICT systems. The regulation mandates financial institutions to ensure that their technology infrastructure, including services provided by third-party companies, is secure and resilient enough to withstand cyberattacks and operational disruptions.

DORA aims to address incidents like the 2019 outage at TSB, where the failure to test a new data center led to two million customers losing access to accounts. This caused significant financial loss, regulatory penalties, and reputational damage to the bank.

Leave a Comment