The whitepaper explores DORA in detail, and includes:

• An introduction to the broad scope of, and rationale behind, DORA, as well as the timelines for implementation;

• An exploration of the central requirement of DORA: the creation of a risk management framework for digital risk;

• An examination of the contract remediation workstream that will be required, and;

• A review of the impact of DORA on the technology companies that supply ICT service to financial entities.

A number of requirements in DORA will be familiar to financial entities and some will stand as effective compliance with DORA. Others bear a similarity which is more helpful than conclusive, requiring further steps to be taken before a requirement currently being met satisfies the requirements of DORA.

This variance likely requires a gap analysis if the aim is to map the new regulations with the current ones, but this will potentially require significant effort.

An initial review should consider two questions as a first step in determining whether existing regulations can form the basis of DORA compliance:

1. Subject matter: Is the subject matter of the current regulations sufficiently similar to DORA?

2. Scope: Is the scope of the current regulations sufficiently similar to DORA?