Home

dora

DORA, the Digital Operational Resilience Act, is a regulation of the European Union designed to strengthen the resilience of the financial sector against information and communications technology (ICT) risks. It seeks to ensure that financial entities can continue operating and recover quickly from ICT disruptions, outages, or cyber threats.

Scope and applicability: DORA applies to a broad set of financial entities, including credit institutions, investment

Key requirements: Entities must establish an ICT risk management framework that covers governance, risk assessment, protection,

Governance and supervision: DORA places responsibility on the boards and senior management of entities to ensure

Relation to other rules: DORA complements broader EU cybersecurity and data protection rules, including NIS2 and

Status: Adopted in 2022, the regulation is being implemented through phased timelines, with full applicability across

firms,
financial
institutions,
payment
institutions,
electronic
money
institutions,
and
financial
market
infrastructures.
It
also
covers
critical
third-party
ICT
service
providers
that
support
these
entities.
The
regulation
aims
to
create
a
harmonized
approach
to
ICT
risk
management,
incident
handling,
and
resilience
across
EU
member
states.
detection,
response,
and
recovery.
They
must
implement
business
continuity
and
disaster
recovery
plans,
conduct
regular
ICT
resilience
testing,
and
oversee
outsourcing
and
the
use
of
critical
ICT
service
providers.
Incident
reporting
obligations
require
timely
notification
to
competent
authorities
and,
when
appropriate,
to
clients
or
counterparties.
DORA
also
promotes
information
sharing
on
cyber
threats
and
advances
standardized
practices
for
managing
ICT
risks.
effective
ICT
risk
management.
National
competent
authorities
and
European
Supervisory
Authorities
supervise
compliance,
with
enforcement
power
to
impose
remedial
measures
and
penalties.
GDPR,
by
providing
a
sector-specific
framework
focused
on
ICT
resilience
for
the
financial
industry.
the
sector
following
transitional
periods.