DORA

DORA (Digital Operational Resilience Act) is an EU regulation that requires financial entities and their ICT providers to ensure digital operational resilience. It has applied since 17 January 2025.

What is DORA?

DORA (Digital Operational Resilience Act) is an EU regulation (2022/2554) on digital operational resilience in the financial sector. As a regulation it applies directly in all member states without national transposition, and has applied since 17 January 2025.

Who is affected by DORA?

DORA applies to financial entities such as banks, insurers, investment firms and payment service providers, as well as to their critical ICT third-party providers. This brings IT and cloud providers into scope.

What does DORA require?

DORA requires comprehensive ICT risk management, the handling and reporting of ICT-related incidents, regular digital operational resilience testing, and management of ICT third-party risk including minimum contractual requirements.

DORA and cloud providers

If a financial entity uses cloud services, these often qualify as ICT third-party providers under DORA. The regulation's contractual and security requirements must therefore be considered when selecting and managing the provider.

How SecureCloud supports financial entities

SecureCloud offers a platform hosted in Germany that is GDPR-compliant, ISO 27001- and Trusted-Cloud-certified, BSI C5-attested and CIS-compliant, with encryption, granular access control and an audit log. This supports financial entities with their ICT security and traceability requirements under DORA.

Industry-specific implementation: financial sector, banks & fintechs.

Frequently asked questions

When does DORA apply?

DORA has applied since 17 January 2025. As an EU regulation it applies directly in all member states, without separate national transposition.

Who does DORA apply to?

DORA applies to financial entities such as banks, insurers and payment service providers, as well as to their critical ICT third-party providers, which can include cloud providers.

What is the difference between DORA and NIS2?

DORA is a sector-specific regulation for the financial sector, while NIS2 is a cross-sector directive. Where they overlap, DORA takes precedence as the more specific rule.

Erfahren Sie mehr!

Unsere Experten beantworten Ihnen gerne alle Fragen.

Elevating business.