On 17 January 2025, the Digital Operational Resilience Act (DORA) came into effect, signifying a major step up for risk management within financial services across Europe. The obligations under DORA, while directed at financial entities (FEs), have important implications for the third-parties that provide information and communications technology services to the sector, many of which are not based within the EU. In this thought leadership piece, AFME and Murex identify several areas where tech providers can support the effective implementation of DORA, including through collaborative approaches in partnership with the financial sector.

The proposals reflect the experiences of AFME members from the ongoing implementation of DORA but should not be construed as formal endorsement. Rather, the proposed avenues expose potential areas for future discussion and further exploration. In certain cases, the proposals represent longer term goals which would require an amendment to DORA’s legal text. The paper incorporates the views of Murex, a software provider with market exposure in trading, operations and risk management. This includes drawing on the insights of the Murex CISO, Thibaut Bachelier, who presented to the AFME Technology & Operations Committee at its annual Paris meeting on 30 April 2025.