Digital Operational Resilience Act ('DORA')

Overview: 

The European Union's Regulation on Digital Operational Resilience in the EU financial services sector ("DORA") is designed to consolidate and upgrade Information and Communications Technology (ICT) risk management requirements throughout the financial sector to ensure that all participants are subject to a common set of standards. DORA aims to ensure that all participants in the financial system have the necessary safeguards in place to withstand ICT-related disruptions and threats. It also introduces an oversight framework for critical third-party providers, such as cloud service providers.

DORA covers a broad range of financial institutions, including credit institutions, payment institutions, e-money institutions, investment firms, crypto-asset service providers, central securities depositories, managers of alternative investment funds (AIFMs), UCITS management companies, administrators of critical benchmarks, crowdfunding service providers, and ICT third-party service providers. Many companies that have not previously been subject to specific ICT regulations are within the scope of DORA.

The Regulation has applied since 17 January 2025.

Members interested in historical documentation and implementation materials related to DORA can access those via the link below.