On January 17, 2025, the European Union’s Digital Operational Resilience Act — known as DORA — became fully enforceable, fundamentally changing how financial institutions across Europe manage cyber and operational risk. One year into enforcement, regulators have designated critical ICT providers, penalties are now being levied, and the January 2026 supervisory review is underway. In this episode, we break down what DORA actually requires, who it applies to, why it matters even if you’re not in the EU, and what the upcoming review means for the financial sector globally.
