The Digital Operational Resilience Act (Regulation (EU) 2022/2554) (“DORA” or the “Act”) is a European Union regulation intended to ensure the digital resilience of financial entities1 in the EU against Information Communication Technologies (ICT) – related incidents and operational disruptions. The European Commission completed DORA on January 16, 2023. Its requirements become effective and apply on January 17, 2025.
Scope of DORA
DORA applies to all EU “financial entities,” including banks, investment firms, credit institutions, insurance companies, crowdfunding platforms, as well as critical third parties offering ICT-related services to financial institutions such as software vendors, cloud service providers and data centers, data analytics providers, and more. Article 2 of (EU) 2022/2554 identifies the following financial entities covered by the Act.2
List of financial entities covered by the regulation:
- Credit institutions
- Payment institutions
- Account information service providers
- Electronic money institutions
- Investment firms
- Crypto-asset service…
