top of page

Navigating the DORA EU Dry Run: Key Dates and Insights

  • Antonis Hadjicostas
  • Jun 22, 2024
  • 2 min read

dora, digital operational resilience act

Digital Operational Resilience Act (DORA) is a comprehensive regulatory framework designed to bolster the financial sector's resilience against ICT-related disruptions and cyber threats. It mandates stringent risk management, incident reporting, and operational resilience measures.


As financial institutions across Europe gear up for the forthcoming DORA, the EU has announced a series of dry run exercises to ensure readiness and compliance. These preparatory steps are crucial for firms aiming to align with the stringent requirements and enhance their operational resilience in the face of digital threats.


On 31 May 2024, the European Supervisory Authorities (ESAspublished templates, technical documents and tools for the dry run exercise on the reporting of registers of information in the context DORA. All participating financial entities are expected to submit the required information to their competent authorities between 1 July and 30 August 2024.


Key Dates to Remember


  • July 1, 2024: The first round of dry run exercises will commence. This phase will focus on testing the incident reporting protocols and the robustness of ICT risk management frameworks.


  • October 15, 2024: Financial institutions must submit their preliminary compliance reports. These reports will provide a detailed analysis of their current state of preparedness and highlight any areas requiring improvement.


  • January 1, 2025: The second dry run phase will begin, emphasizing the testing of business continuity plans and the effectiveness of disaster recovery mechanisms.


Why Participate in the Dry Run


Engaging in these dry runs is crucial for financial institutions. They provide a controlled environment to identify potential vulnerabilities and ensure that compliance measures are robust and effective. Moreover, these exercises offer valuable insights into the operational readiness of firms, allowing them to refine their strategies ahead of the full implementation deadline in January 2025.


ESAs Views


The European Banking Authority (EBA), European Securities and Markets Authority (ESMA), and European Insurance and Occupational Pensions Authority (EIOPA) have all emphasized the importance of these dry runs. In recent publications, these authorities have highlighted the necessity of proactive engagement:


  • EBA: EBA underscored the importance of rigorous incident reporting and the need for financial institutions to adopt a holistic approach to ICT risk management.


  • ESMA: ESMA's guidelines stress the significance of these dry runs in ensuring that firms' business continuity plans are not only compliant but also effective in real-world scenarios.


  • EIOPA: EIOPA has pointed out that the dry runs will help in assessing the resilience of insurance and pension sectors, ensuring they can withstand and quickly recover from ICT-related disruptions.


Conclusion


The DORA EU dry runs are a pivotal step towards achieving full compliance and enhancing the digital operational resilience of the financial sector. Financial institutions should mark their calendars and actively participate in these exercises to ensure they are well-prepared for the regulatory changes ahead

The material reflected in our website, including Blog material, is for informational purposes only and does not constitute legal advice, consulting, or any other professional advice. Please seek independent professional guidance for your specific needs.

All rights reserved. No part of this work may be reproduced, stored in a retrieval system of any nature, or transmitted, in any form or by any means including photocopying and recording, without the prior written permission of the ENAH Services Ltd. The reproduction or transmission of all or part of the work, whether by photocopying or storing in any medium by electronic means or otherwise without the written permission of the owner is strictly prohibited and the commission of any unauthorised act in relation to the work will result in civil and/or criminal actions. 

bottom of page