Banks face tough new security standards in the EU — their tech suppliers are under scrutiny, too

Financial services companies and their digital technology suppliers are under intense pressure to achieve compliance with strict new rules from the EU that require them to boost their cyber resilience.

By the start of next year, financial services firms and their technology suppliers will have to make sure that they're in compliance with a new incoming law from the European Union known as DORA, or the Digital Operational Resilience Act.

CNBC runs through what you need to know about DORA — including what it is, why it matters, and what banks are doing to make sure they're prepared for it.

DORA requires banks, insurance companies and investment to strengthen their IT security. The EU regulation also seeks to ensure the financial services industry is resilient in the event of a severe disruption to operations.

Such disruptions could include a ransomware attack that causes a financial company's computers to shut down, or a DDOS (distributed denial of service) attack that forces a firm's website to go offline. 

The regulation also seeks to help firms avoid major outage events, such as the historic IT meltdown last month caused by cyber firm CrowdStrike when a simple software update issued by the company forced Microsoft's Windows operating system to crash. 

Multiple banks, payment firms and investment companies — from JPMorgan Chase and Santander, to Visa and Charles Schwab — were unable to provide service due to the outage. It took these firms several hours to restore service to consumers.

In the future, such an event would fall under the type of service disruption that would face scrutiny under the EU's incoming rules.

Mike Sleightholme, president of fintech firm Broadridge International, notes that a standout factor of DORA is