Financial Resiliency: How Europe Will Regulate Third-Party IT

New landmark legislation will place some information and communications technology (ICT) providers under financial regulators’ authority for the first time.

When it comes to investing in digital resiliency, two sectors are known to spend more, proportionally, than all the others: professional IT service operators and financial services.

The critical role of these industries makes these investments necessary. But outages do still occur and when they do, they are often disproportionately expensive and disruptive.

The importance of these sectors and the disruption that IT failures can cause, means that regulators and governments are increasingly concerned about the resiliency of these sectors’ digital infrastructure.

However, there is a disconnect: while the financial industry is strictly regulated, the cloud/data center service companies, on which they are so dependent, are generally far less regulated.

In Europe, this imbalance is starting to change and is influencing regulators around the world. New laws are in the pipeline that will mean third-party service providers (TSPs) of digital services — including colo, software as a service and cloud providers, and hosting companies — become much more tightly regulated and accountable for their security and resiliency.

This report will look into the key elements and expected impacts of the European Union’s Digital Operational Resilience Act (DORA), which is expected to be passed in 2022, after which EU member states will have a year to comply with the legislation.

Report Authors:

  • Andy Lawrence, Executive Director of Research at Uptime Institute
  • Douglas Donnellan, Research Associate at Uptime Institute


Download the Report

Fill out the form below to download the report.
Legislation Update

EU’s Digital Operational Resilience Act Enacted 16 January 2023

The EU's Digital Operational Resilience Act (“DORA”) entered into force on 16 January 2023. Uptime Institute has tracked this legislation and its widespread impact on digital infrastructure owners, operators and providers since its initial draft published in 2020.  Read more about this important legislation below.

Read the Update

Report Preview

Fill out the form above to download the full 7-page report