DORA resource hub

Free DORA compliance advice and insights

What is DORA?

DORA (Digital Operational Resilience Act) sets out a harmonised approach to digital operational resilience across the EU’s financial sector.

Read more

Who does it apply to?

DORA applies to the EU’s financial sector and suppliers of ICT services to that sector – wherever those suppliers are based.

Read more


17 January 2025




00 Minutes


What are the requirements of DORA?

DORA outlines requirements for:

  • ICT risk management;
  • Incident reporting;
  • Digital operational resilience testing;
  • Information sharing; and
  • Third-party risk management.

It also covers:

  • Contractual arrangements between financial entities and ICT third-party service providers;
  • An oversight framework for critical ICT third-party service providers; and
  • Cooperation among supervisory authorities, and supervision/enforcement rules.

Additional technical details will be provided by the European supervisory authorities (EBA, EIOPA, ESMA). Until then, refer to the DORA regulation for comprehensive information on expected requirements.

Free resources


Risk Management under the DORA Regulation

"The financial sector is quite heavily regulated, and involves a lot of confidential data. You’d therefore expect that the sector fares better at data security than your average organisation..."

Continue reading

Expert Insight: Cliff Martin

"Cliff Martin is the head of cyber incident response within GRCI Law. We sat down to talk to him about the second core requirement of DORA: incident management. For more details on..."

Continue reading

The Third-Party Threat for Financial Organisations

DORA’s supply chain security requirements

"IT Governance’s research for November 2023 found that 48% of the month’s incidents originated from the supply chain (i.e. were third-party attacks). For Europe, this number rises to 61%..."

Continue reading


DORA compliance and what it means for the financial sector 

Find out more

Strengthening Operational Resilience Under DORA

Find out more

Demonstrating compliance with DORA 

Find out more


Data breach and cyber attack reports

Fact Sheet: EU Digital Operational Resilience Act

Download now

Speak to a DORA expert

We can advise on cyber security and information security best practice. We can also provide an independent, expert assessment of your security and the extent to which it conforms to DORA’s requirements.

Call us now on +44 (0)127 540 0192 or request a call back using the form below

Contact us

This website uses cookies. View our cookie policy
SAVE 10%