Diogo Pereira Duarte and Marta Boura take stock of one year of the DORA Regulation

Regulation (EU) 2022/2554, known as DORA (Digital Operational Resilience Act), which came into full application in January 2025, has changed the way the financial sector views technology, moving it from being merely a legal obligation to becoming a central factor in business continuity.

In an article published by ECO, Diogo Pereira Duarte, partner, and Marta Boura, consultant at Abreu Advogados, review the first year of the regulation, concluding that, despite the challenges, it represents a strategic opportunity to strengthen the digital resilience of the financial sector: “DORA should not be seen as a mere compliance exercise. It should be regarded as an opportunity to strengthen the ability of financial institutions to respond when technology fails.”

The regulation requires entities to be prepared to prevent, detect and recover from technological failures, through clear rules on risk management, testing, incident reporting and the oversight of service providers.

Read the article.