Dimitri Korostylev
Head of Legal & Data Privacy Consulting

EU Digital Operational Resilience Act (DORA)


The new EU regulation on ICT resilience affects Swiss companies too – are you prepared?

The increasing dependence on digital processes means that ICT risks are omnipresent in the financial sector. Regulation (EU) 2022/2554 on digital operational resilience in the financial sector, the Digital Operational Resilience Act (DORA), creates binding rules for dealing with ICT risks in the financial sector. DORA has been in force since January 2025 and also affects Swiss companies with links to the EU/EEA.

Who does DORA impact specifically?

  • Financial companies in the EU/EEA: banks, insurance companies, stock exchanges, payment services, crypto platforms, etc.
  • Third-party ICT providers (e.g. cloud, network and software providers)
  • Swiss financial companies that have branches in the EU/EEA and Swiss ICT companies that provide services to EU/EEA financial players (customer loyalty or supply chains)

What exactly does DORA require?

DORA calls for robust and verifiable ICT risk management, including:

  • Early detection and reporting of ICT incidents
  • Regular resilience tests (e.g. TLPT – Threat-Led Penetration Testing)
  • Crisis and emergency exercises with defined recovery times
  • Contracts with third-party providers according to DORA specifications
  • Threat intelligence

DORA links information and IT security, risk management, business continuity management and data protection within a standardised legal framework.

What does DORA mean for Swiss companies?

Swiss companies in the financial sector and ICT service providers with links to financial players in the EU/EEA must be aware of and implement the DORA requirements – even if they are not based directly in the EU/EEA.

Fulfilling the DORA standards is not a one-dimensional task. Rather, organisational (e.g. governance), technical (e.g. threat-led penetration testing) and legal aspects (e.g. data protection, compliance) are to be combined.
This is demanding, but worthwhile: not only in terms of DORA, but also with regard to more effective security and the company’s reputation both at home and abroad. Those who act in accordance with DORA therefore benefit twice over:

  • Greater IT security and crisis resilience
  • Competitive advantage through proof of compliance
  • Strengthened customer relationships through trust

Our offer: DORA implementation from a single source

Whether governance, technical implementation or legal protection: we provide you with interdisciplinary support – with specialists from IT security, risk management, legal & compliance and data protection.

  • Analysis of the extent to which DORA is relevant for your company
  • Roadmap for implementation based on our “DORA House”
  • Support during tests and audits
  • Ongoing advice on regulatory issues

When implementing DORA, choose an experienced partner with an interdisciplinary approach and best practice: us.

Are you ready for DORA? We support you – practically, efficiently and at eye level.


© Swiss Infosec AG 2025