In this e-guide, we cover the purpose, scope and key requirements of DORA, how it impacts your organisation, and what you can do to prepare.
What is DORA?
The Digital Operational Resilience Act (DORA) is a piece of legislation set out by the EU for the financial services industry, designed to strengthen the sector’s cyber resilience and risk management. It creates a binding, comprehensive information and communication technology (ICT) risk management framework for the EU financial sector. Since January 17, 2025, DORA has established technical standards that financial entities and their critical third-party technology service providers must implement.
Who Must Comply With DORA?
DORA applies to financial entities, as well as every organisation that provides IT services to them. In all, DORA applies to more than 22,000 financial and ICT service operators functioning within the EU, as well as the ICT infrastructure supporting them from outside the EU. Critical third-country (outside the EU, e.g. UK and USA) ICT service providers to financial entities in the EU will also be required to establish a subsidiary within the EU to facilitate effective regulatory oversight.
How Do I Align with DORA?
In this guide, we also answer:
- What is the purpose and scope of DORA?
- How will DORA be enforced?
- What are the five pillars of DORA?
- What are the key requirements of DORA?