Operational Resilience: What DORA and NIS2 Mean for You

30 August 2025

Vinay Vyas

Summary

Europe’s digital operational resilience laws are changing fast. The UK's Cyber Security and Resilience Bill, currently passing through Parliament, will replicate and build upon much of what DORA and NIS2 have already set out. Here's what this means for you in simple terms.

Understanding DORA and NIS2

DORA (Digital Operational Resilience Act) and NIS2 (EU’s updated Network & Information Security Directive) are raising the bar for digital risk management. If you work in finance, insurance, or critical infrastructure, these laws will impact you.

What these regulations demand

Clear accountability and testing

You’ll need to prove you can spot cyber and other operational risks early, recover from disruption, and manage third-party risks. That includes regular testing, board-level oversight, and clear reporting.

No more box-ticking

These aren’t tick-box rules, they’re about building real operational resilience across your whole organisation.

So what? What should I do?

DORA and NIS2 aren’t just more paperwork; they’re a signal that regulators expect clear, ongoing proof of resilience. Failure to comply could lead to fines, reputational damage, or losing your licence to operate in regulated sectors.

Start now by mapping your current processes against the core requirements.

Are you ready to respond and report within 72 hours?
Do you know your critical systems and who provides them?
Do you know which of your third parties pose the biggest risk?
Have you tested your incident response plans with your third party partners?
Are all staff aware of the communication channels, and their back ups, to use in case of an incident?
Do you have back up plans in case of an incident, and have they been tested recently?

Everyone in your organisation has a role to play to strengthen your firm's operational resilience, it's not just for IT.

Did you know?

DORA applies to over 22,000 financial entities across the EU, including banks, insurance firms, and even ICT providers.

Back to Blogs

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Argus Pro