๐ฌ๐งUnited Kingdom
DORA compliance in United Kingdom
The UK does not apply DORA directly but has equivalent operational resilience requirements. The FCA, PRA, and Bank of England enforce the UK operational resilience framework which shares objectives with DORA.
Enforcement authority
FCA (Financial Conduct Authority) + PRA (Prudential Regulation Authority) + Bank of England
Maximum sanctions
FCA and PRA can impose unlimited fines, public censures, and business restrictions. Senior managers may face personal liability under SM&CR.
Key obligations
What DORA requires from organizations operating in United Kingdom.
Identify important business services and set impact tolerances (FCA/PRA PS21/3)
Map resources supporting important business services including third-party dependencies
Conduct scenario testing to verify ability to remain within impact tolerances
Comply with Critical Third Parties (CTPs) regime for designated ICT providers
Local context in United Kingdom
The UK operational resilience regime (effective March 2022) predates DORA but shares core concepts. Companies operating in both jurisdictions face dual compliance. The UK Critical Third Parties regime (2024) mirrors DORA's oversight of critical ICT providers.
DORA by industry in United Kingdom
Frequently asked questions
How does DORA apply in United Kingdom?
The UK does not apply DORA directly but has equivalent operational resilience requirements. The FCA, PRA, and Bank of England enforce the UK operational resilience framework which shares objectives with DORA.
Who enforces DORA in United Kingdom?
FCA (Financial Conduct Authority) + PRA (Prudential Regulation Authority) + Bank of England
What are the penalties for DORA non-compliance?
FCA and PRA can impose unlimited fines, public censures, and business restrictions. Senior managers may face personal liability under SM&CR.
Check your DORA compliance now
Run a free scan to see your risk score and applicable obligations.