Images are still loading please cancel your preview and try again shortly.

Accessibility tools

Operational Resilience

What is operational resilience?

Financial firms build resilience to withstand disruption to their business. New rules require UK firms and market infrastructure to prepare for incidents and remain within pre-identified and limited tolerances for failure. EU firms and FMI will need to manage their ICT risks under the DORA framework. Policymakers around the world are developing similar standards.

Explore our regulatory insights.

When do the rules apply?

The UK rules started to apply on 31 March 2022, although there is a transition period before firms and market infrastructure are required to remain within tolerance levels. The EU’s Digital Operational Resilience Act is expected to start applying in late 2024.

Visit our timeline which includes links to the key regulatory publications.

Podcasts series

We have a range of resources available on operational resilience including webinars which are available via our Knowledge portal. We have also launched a podcast series where our lawyers take a closer look at what operational resilience means for financial services firms.

Listen to our podcast.

How can we help?

We have a market-leading financial regulation practice which provides clients with risk advisory services. We also have one of the longest-standing privacy and cyber security practices in the world, with practitioners who not only understand data and crisis, but also technology and sourcing.

Read our flyer for more about how we can support your operational resilience programme.

Financial Regulation Insights

Our new FRG blog where you will find insights, commentary and news on recent developments in financial regulation from our dedicated financial regulatory lawyers in London.

Explore the blog

Timeline and links to publications

×

September 2020 EU releases draft DORA text

×

October 2020 UK Consultations close

  • Consultation process ended on 1 October 2020

×

31 March 2022 UK Rules take effect

  • Deadline for identifying vulnerabilities in their operational resilience, identifying important business services, setting impact tolerances and carrying out mapping and testing.
  • Firms must remain within impact tolerances for each important business service as soon as possible after this date.

×

May 2022 EU concludes DORA talks

×

Q4 2022 EU to finalise DORA

  • DORA is due to become law before end-2022

×

Q4 2024 EU rules under DORA to apply

  • DORA starts to apply two years after entry into force

×

31 March 2025 All UK rules to apply

    Longstop deadline for remaining within impact tolerances.

x Find a Lawyer