Get a quote

What is the Digital Operational Resilience Act (DORA)?

The Digital Operational Resilience Act, or DORA, is a European Union (EU) regulation that creates a binding and comprehensive framework for managing information and communication technology risks in the EU financial sector. The DORA regulation sets out the technical standards that financial institutions and their critical third-party technology service providers must implement in their ICT systems by 17 January 2025.

What are the objectives of DORA regulation?

The DORA regulation has two main objectives: to comprehensively address ICT risk management in the financial services sector and to harmonise the ICT risk management regulations that already exist in the different EU Member States.

Benefits of DORA regulation for clients

The benefits of DORA for clients are the following:

  • Risk management and ICT governance
  • Incident reporting
  • Digital operational resilience testing
  • Third party risk management
  • Information sharing

What are the requirements of the Digital Operational Resilience Act (DORA)?

The DORA sets out technical requirements for financial institutions and ICT providers in four areas: risk management and ICT governance, incident response and reporting, resilience testing and third party risk management.

The requirements will be applied proportionally, which means that smaller entities will not be subject to the same standards as larger financial institutions. Although the RTS and ITS for each area are still under development, the existing legislation on the DORA regulation gives some indication of the general requirements.

Who is DORA aimed at?

Those who benefit most from the DORA regulation are the following:

Financial Entities

The financial institutions benefiting from the DORA regulation are:

  • Banks
  • Investment firms
  • Trading platforms
  • Central counterparties
  • Other financial market infrastructures

ICT Service Providers

Service providers that benefit from the DORA regulation are:

  • Cloud infrastructure service providers
  • Software service providers
  • Outsourcing service providers
  • Other providers of ICT services that are critical to the operations of financial institutions.


Third parties that benefit from the DORA regulation are:

  • Payment service providers
  • Custody service providers
  • Credit rating service providers
  • Other third parties providing services to financial institutions  

Why certify the DORA regulation with Applus+ Certification?

Applus+ Certification is an independent entity of recognised prestige whose objective is to help organisations achieve their commitment to continuous improvement.

We analyse our clients' needs so that our auditors, specialists in each sector of activity, can provide a service that provides maximum value when assessing your organisation's compliance.

Our teams develop specific certification plans based on our clients' structure, processes and activities.

Our international presence, extensive product portfolio and accreditations enable us to provide a global, expert service tailored to your organisation's needs.

Get a quote

Applus+ uses first-party and third-party cookies for analytical purposes and to show you personalized advertising based on a profile drawn up based on your browsing habits (eg. visited websites). Click HERE for more information. You can accept all cookies by pressing the "Accept" button or configure or reject their use by clicking here.

Cookie settings panel