The Digital Operational Resilience Act (DORA) is one of the newest compliance requirements for financial institutions doing business within the European Union (EU), effective January 17, 2025. 

These organizations’ mobile apps are front and center. The legislation can bring significant changes to how financial companies—both in and outside the EU—manage, among other systems, their mobile apps and related digital tools. The law aims to ensure that financial organizations can detect, mitigate, and recover from Information and Communications Technology (ICT) incidents.

DORA is formally named Regulation (EU) 2022/2554. The law was enacted in the EU on January 17, 2023, allowing two years for full adherence by 2025. It stresses the need for such businesses to strengthen their operational resilience, including within their often crucial mobile app operations.

How financial app developers & managers must comply with DORA

DORA requires financial organizations to implement rigorous measures to protect their systems against weaknesses, aiming to bolster protections against cyberattacks and minimize any ensuing operational interruptions. 

Consumers’ broad use of mobile apps for banking, investment management, and other essential financial services makes the apps themselves a target for criminals. Hackers look for account details, personal information, transaction data, and more—even, possibly, a malicious pathway into the related enterprise running the app itself.

Financial app managers that fall under DORA’s mandate must ensure they are able to:

  • Confirm that important financial data is protected against unauthorized access
  • Bolster defenses against cyber threats to mobile and web apps
  • Identify and respond to suspicious activity in mobile apps in real time
  • Proactively reduce risks such as app-related weaknesses
  • Address risks associated with third-party service providers, such as supply chain attacks on mobile apps
  • Prevent non-compliance by staying ahead of legal requirements to avoid costly penalties
  • Take part in industry collaboration so that threat insights arrive promptly

Even if financial organizations are not physically based within the EU, compliance is mandatory for all relevant entities that offer services within EU territory. That makes firms from nearly all parts of the world subject to its oversight, greatly widening the number of affected organizations.

Balancing security and usability in financial mobile apps

Financial organizations must make certain that mobile apps are not just secure but also user-friendly. Complex login procedures, slow operations, and other excessively restrictive security measures can annoy users. This frustration can lead to a poor customer experience and thus to customer churn.

Businesses must comply with DORA while balancing strong security with usability to maintain customer satisfaction. DORA therefore stands as a firm mandate for the financial sector not only to further assess its digital resilience but also to keep repeat customers.

While mobile apps are central to customer engagement, they also pose distinct risks. The regulation requires more than box-ticking compliance: financial institutions must instill a security-focused approach. At all times, they must balance their operational requirements with security and user satisfaction.

Financial organizations must closely examine their cybersecurity strategies, incident recovery plans, and monitoring processes. Action items arising from third-party risks must be addressed immediately. By complying with DORA, organizations can meet regulatory standards while strongly protecting their reputations.