The Digital Operational Resilience Act (DORA) is an EU regulation that strengthens digital resilience in the financial sector.1
It establishes a harmonized framework for information and communication technology (ICT) risk management, incident handling, resilience testing, and oversight of third-party ICT providers.1
DORA applies to a broad range of financial entities, including banks, insurers, investment firms, payment institutions, e-money institutions, crypto-asset service providers, and market infrastructure operators.1
A key purpose of the regulation is to reduce systemic vulnerability to cyber threats and technology-related disruptions across the financial ecosystem, including external technology suppliers.1