DORA through the industry’s eyes: insights from Worldline’s webinar audience

Current perspective on DORAThe responses from the webinar audience revealed a generally positive outlook on DORA. Most participants see it as an opportunity to strengthen operational resilience within their organizations. Many also recognize its potential to improve services for clients, while a smaller group view DORA as a regulatory burden or a compliance challenge that can be managed with reasonable effort. This mix of optimism and caution highlights both the promise and the practical realities of DORA implementation, as organizations weigh the benefits against the challenges of adapting to new regulatory requirements.

Where does the market stand?
When asked about their organization’s current level of compliance with DORA, attendees revealed a wide spectrum of readiness. Many organizations are actively working towards compliance, updating policies and processes to meet the new standards. Some are close to meeting requirements, with only minor gaps remaining, while several are still assessing where they stand and what needs to be done through gap analyses and remediation planning. A notable portion of the audience indicated that they are at the very start of their DORA journey, just beginning to assess the impact of the regulation. There are also a few organizations that have already achieved full compliance, demonstrating that while the path to compliance is complex, it is achievable with the right approach.

Biggest hurdles in achieving complianceThe journey to DORA compliance is not without its challenges. Attendees identified several recurring issues, including the difficulty of understanding the requirements and implementing operational resilience processes. Interpreting the regulation and translating it into actionable steps is a major hurdle for many. Organizations also struggle to allocate sufficient resources and foster collaboration across departments, which is essential for effective compliance. Mapping out essential business processes and managing external partners, particularly ICT and third-party providers, presents another significant challenge.

Conducting resilience testing and preparing for incidents requires ongoing effort and attention. For pan-European organizations, navigating regulatory differences across EU member states adds another layer of complexity. Finally, driving governance, cultural change, and embedding digital operational resilience into the fabric of the organization is a long-term endeavor that requires commitment at all levels.

Investments in DORA implementationInvestment levels in DORA implementation vary widely across the industry. Some organizations are taking a conservative approach, allocating only minimal resources to meet basic requirements. Many are balancing investment with other priorities, making steady progress with reasonable budgets and incremental improvements. A smaller group have made DORA a strategic priority, dedicating substantial resources and forming dedicated teams to drive compliance.

There are also organizations that have yet to formally commit significant resources, reflecting their early-stage engagement with the regulation. This diversity in investment strategies suggests that while DORA is on the radar for most, the level of commitment depends on organizational priorities, size, and risk appetite.

Key takeaways and the road aheadThe webinar audience’s responses paint a nuanced picture of DORA’s impact. While there is broad recognition of its value in strengthening operational resilience, organizations are at different stages of compliance and face a range of challenges. Investment levels also vary, indicating that DORA implementation is a journey, not a destination. For financial institutions and service providers, these insights highlight the importance of a strategic, well-resourced approach to DORA. Success will depend not just on meeting regulatory requirements, but on embedding operational resilience into the fabric of the organization.