Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (DORA) is an EU regulation and a part of the European Commission’s goal to make the financial system more transparent and secure. The DORA regulation sets clear rules for financial organizations to ensure their digital systems are reliable. It also works to provide unity in terms of security rules for various IT systems among the EU countries, helping to protect the entire market from tech-related issues, such as cyberattacks.

DORA was published in 2022 and became official on 16 January 2023. The rules officially take effect on 17 January 2025. The regulation applies to financial organizations and their third-party tech service providers, including examples like investment firms or crypto-asset service providers (CASPs) and issuers of asset-referenced tokens (ARTs).

Frequently asked questions

1

What is the Scope of DORA?

Arrow

DORA applies to all financial institutions (traditional financial companies) and crypto service providers, as well as other non-traditional players like crowdfunding platforms working in the EU. It also applies to companies that offer critical third-party information services (such as credit rating agencies). 

Article 2 from DORA defines regulated entities that must comply with the regulation as:

  • Central counterparties
  • Central securities depositories
  • Credit institutions
  • Credit rating agencies
  • Account information service providers
  • Administrators of critical benchmarks
  • Crowdfunding service providers
  • Data reporting service providers
  • Electronic money institutions
  • Investment firms
  • Management companies
  • Payment institutions
  • Securitization repositories
  • Trade repositories
  • Trading venues
  • Institutions for Occupational Retirement Provision
  • Insurance intermediaries
  • Managers of alternative investment funds
  • Crypto-asset service providers and issuers of asset-referenced tokens
2

Do Small Enterprises Have the Same Requirements for DORA Compliance?

Arrow
3

Who is Exempt from the Digital Operational Resilience Act?

Arrow
4

What is the Main Objective of DORA?

Arrow
5

How Was the Situation in the EU Before DORA?

Arrow
6

What are the Four Key Categories of DORA Requirements?

Arrow
7

What is ICT Risk Management Under DORA?

Arrow

Save costs by onboarding more verified users

Join hundreds of businesses that successfully integrated iDenfy in their processes and saved money on failed verifications.

X