Article details
The Digital Operational Resilience Act (DORA), enacted in January 2025, has forced financial institutions, including forex brokers, to enhance their cybersecurity and operational resilience. However, a year later, many brokers—particularly CFD providers—remain unprepared, with only a handful of EU institutions achieving full compliance. The recent Cloudflare outage in November 2025, which disrupted major brokers like Monaxa and Skilling, highlighted systemic vulnerabilities. Under DORA, such incidents must be reported if they affect 10% of clients, 100,000 users, or cause over €100,000 in losses. Despite this, Cyprus’s CySEC noted widespread misreporting of ICT incidents in January 2026, indicating ongoing compliance gaps. For forex traders and brokers, DORA’s enforcement raises compliance costs and operational risks. The Cloudflare incident alone cost brokers nearly 1% of monthly trading volume, underscoring the financial impact of cyber disruptions. Traders may face reduced service reliability until firms invest in robust infrastructure. Regulators are likely to impose stricter penalties for non-compliance, increasing pressure on brokers to prioritize cybersecurity. The next critical phase involves monitoring how brokers adapt to DORA’s requirements. Gulf and MENA investors should watch for increased cybersecurity investments in regional forex platforms and potential regulatory alignment with EU standards. Brokers failing to meet deadlines risk losing licenses, while proactive firms may gain a competitive edge. The focus on incident reporting and resilience will shape the forex market’s stability in 2026.
