The DORA regulation decoded: what SMBs need to know

July 4, 2024

After 2008, numerous reforms strengthened the solidity of the financial sector. Today, however, the risks associated with the use of digital technologies continue to grow, so much so that in its latest report, the IMF estimates that cyber incidents represent a threat to the stability of the financial sector. In 2023, for example, Lesotho's central bank suffered a cyber attack that prevented the country's banks from carrying out any transactions for several hours.

In 2022, the European Union took up the issue with the DORA (Digital Operational Resilience Act) regulation.

Also known as the Financial Sector Digital Operational Resilience Regulation, it requires member states to adopt measures to mitigate the risks associated with the use of information and communication technologies (ICT) in the financial sector.

In this article, we present the DORA regulation, then explain how your SME could be affected by it and how you can prepare for it.

DORA regulation: Presentation

Objectives and key points of the regulation


The DORA Regulation aims to establish uniform rules across the European Union for the security of financial entities' networks and information systems.

As a result, many companies such as banks, insurance companies and investment firms will have to comply with new regulations in the future.

Key points

The DORA regulation seeks to establish common, sustainable and prudent governance that will enable the financial sector to guard against the cyber risks associated with the use of ICT.

These risks include, for example:

  • theft of sensitive data
  • financial fraud
  • ransomware attacks


Among other things, any company concerned must:

  • implement measures to notify, manage and classify ICT-related incidents
  • carry out regular resilience tests on their digital infrastructures
  • ensure that their service providers comply with DORA regulations
  • share crucial information and intelligence on cyber threats to the financial sector

And much, much more!

When will the DORA regulation take effect?

Passed by the European Parliament in 2022, the regulation will come into force on January 17, 2025.

After this date, all EU countries will need to have implemented rules to secure digital risks in the financial sector.

Who is affected by the DORA regulation?

Since the beginning of the year, the Autorité des Marchés Financiers (AMF) has been calling on players to prepare for the DORA regulation.

Indeed, many players are affected by the entry into force of this regulation. Although banks, insurance companies and investment firms are the first to be affected, other players are also involved, including providers of information, communication and digital-related services.

In short, many more people are affected than you might have imagined, and your SME may even be directly concerned by the DORA regulations.

Focus on SMEs

The transposition of the regulation for SMEs: How can SMEs best prepare and stand out from the crowd?

From January 2025, the regulation will require SMEs to have clear rules in place to strengthen their operational resilience and limit the risks associated with the use of digital technologies.

To prepare for the application of the DORA regulation, SMEs can already carry out an initial security assessment of their information systems. This should enable the SMEs concerned to develop a strategy to mitigate the risks associated with the use of ICT and ensure their operational resilience.

As a second step, it's a good idea to make your staff aware of the DORA regulation, and to ensure that your suppliers are compliant with the regulation.

Conclusion - Bastion & DORA

As you can see, by January 2025, if you are affected by the DORA regulation, your company will have to comply with a number of standards and regulations.

To help you prepare for this, Bastion will help you carry out an initial cyber audit, which will enable you to take stock of your cyber maturity and your compliance with the DORA regulation. We will then assist you in implementing an action plan to remediate the vulnerabilities detected during this audit, so that you are compliant with the DORA regulation.
