What's DORA?
The Digital Operational Resilience Act (DORA) is an EU regulation (Regulation EU 2022/2554) that came into effect on the 17th January 2025.
DORA aims to ensure that the financial sector within the EU is resilient to severe operational digital disruption. The regulation will contribute to regulatory harmonisation, strengthen security and improve information sharing within the financial services sector and between the ESAs (European Supervisory Authorities).
Key pillars of DORA
Section titled “Key pillars of DORA”- ICT Risk Management
- ICT Related Incident Management, Classification and Reporting
- Digital Operational Resilience Testing
- Managing of ICT Third Party Risk a. Oversight of critical third-party providers
- Information Sharing Agreements
For more information see our blog post on DORA Five Pillars.
Scope of DORA
Section titled “Scope of DORA”DORA applies to financial entities operating in the EU and their critical third-party providers (CTPPs). Critical third-party providers are companies that provide services that support critical or important functions to the financial entities in scope of DORA.
For more information see our blog post on Who is in scope for DORA.
The information on this site is for general information purposes only and is not intended to serve as legal advice. Laws governing the subject matter may change quickly, so Guanciale Technologies Ltd cannot guarantee that all the information on this site is current or correct. Should you have specific legal questions about any of the information on this site, you should consult with a lawyer in your area.