The Digital Operational Resilience Act (DORA) is an EU regulation and a part of the European Commission’s goal to make the financial system more transparent and secure. The DORA regulation sets clear rules for financial organizations to ensure their digital systems are reliable. It also works to provide unity in terms of security rules for various IT systems among the EU countries, helping to protect the entire market from tech-related issues, such as cyberattacks.
DORA was published in 2022 and became official on 16 January 2023. The rules officially take effect on 17 January 2025. The regulation applies to financial organizations and their third-party tech service providers, including examples like investment firms or crypto-asset service providers (CASPs) and issuers of asset-referenced tokens (ARTs).