women looking at a credit card
Ensuring the cybersecurity and resilience of financial institutions

Digital Operational Resilience Act (DORA)

Strengthening the cybersecurity and resilience of financial institutions in the EU

In recent years, the EU has pushed forward several initiatives to increase the IT security and resilience of various industries, such as the NIS2 Directive or the Cyber Resilience Act

As financial institutions are part of the critical infrastructure, the EU Commission has also published a specific framework for this sector, the Digital Operational Resilience Act (short DORA), which aims to ensure the resilience of financial institutions and insurance companies in the event of IT-related operational disruptions.

DORA is a regulatory framework that outlines requirements that financial institutions must follow in order to achieve a common level of security for their network and information systems as well as to their incident response. 

Thereby, DORA applies requirements to the following categories:

  • Information and communication technology (ICT) risk management;
  • Reporting of major ICT-related incidents and notifying, on a voluntary basis, significant cyber threats to the competent authorities;
  • Reporting of major operational or security payment-related incidents to the competent authorities by financial entities referred to in Article 2(1), points (a) to (d);
  • Digital operational resilience testing;
  • Information and intelligence sharing in relation to cyber threats and vulnerabilities;
  • Measures for the sound management of ICT third-party risk.

Timeframe of DORA

The Digital Operational Resilience Act (DORA) became effective on January 16, 2023, with a 24-month grace period. Covered entities will be required to comply as of January 17, 2025.

Who is affected?

Article 2 of the regulation defines the following entities that need to comply:

  • Credit and payment institutions,
  • Account information service providers,
  • Electronic money institutions,
  • Investment firms,
  • Crypto-asset service providers,
  • Insurance and reinsurance undertakings,
  • Insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries,
  • ICT third-party service providers,
  • And more.

The full list of affected organizations can be found in article 2 – Scope.

The details on ICT-related risks and how to comply

DORA is divided into the following sections:

  • Subject matter,
  • Scope,
  • Definitions,
  • Proportionality principle,
  • ICT risk management,
  • ICT-related incident management, classification, and reporting,
  • Digital operational resilience testing,
  • Managing of ICT third-party risk,
  • Oversight Framework of critical ICT third-party service providers,
  • Information-sharing arrangements,
  • Competent authorities,
  • Delegated acts.

Access the full regulation text here

Utimaco’s cybersecurity and compliance solutions help affected organizations comply with DORA’s requirements for ICT risk management as well as ICT-related incident management, classification, and reporting.

Minimize ICT-related risks with reliable file and folder encryption in place.

DORA Compliance


Póngase en contacto con nosotros

Estaremos encantados de responder a sus preguntas.

¿En qué podemos ayudarle?

Hable con uno de nuestros especialistas y descubra cómo Utimaco puede ayudarle hoy mismo.
Ha seleccionado dos tipos diferentes de Download, por lo que necesita presentar formularios diferentes que puede seleccionar a través de las dos pestañas.

Su(s) solicitud(es) de Download:

    Al enviar el siguiente formulario, recibirá enlaces a las descargas seleccionadas.

    Su(s) solicitud(es) de Download:

      Para este tipo de documentos, es necesario verificar su dirección de correo electrónico. Recibirá los enlaces a las Download seleccionadas por correo electrónico después de enviar el siguiente formulario.

      Su colección de solicitudes de Download está vacía. Visite nuestra sección Download y seleccione recursos como fichas técnicas, White Paper, grabaciones de seminarios web y mucho más.