Skip to main content
Glossary

DORA (Digital Operational Resilience Act)

An EU regulation establishing uniform requirements for the digital operational resilience of financial entities. DORA mandates comprehensive ICT risk management, incident reporting, resilience testing, and third-party risk oversight for banks, insurers, and their critical technology providers.

Why it matters

Financial services run on technology, and regulators have noticed. DORA creates a single, harmonized framework across the EU that replaces the patchwork of national guidelines. It applies not just to financial institutions but also to their critical ICT service providers, meaning technology vendors serving the financial sector face direct regulatory obligations for the first time. Non-compliance risks supervisory action, fines, and loss of operating licenses.

In practice

DORA compliance requires an ICT risk management framework, major incident classification and reporting within strict timelines, regular digital operational resilience testing (including threat-led penetration testing for significant entities), and a register of all ICT third-party arrangements with ongoing oversight. In vucavoid, DORA requirements can be tracked through baselines alongside other frameworks. Incident response tracking meets notification timelines, and third-party risk management addresses the ICT provider oversight provisions.

Related terms

NIS2

The EU directive expanding cybersecurity obligations with stricter requirements and management accountability.

Regulatory Compliance

Adhering to laws and government-mandated requirements. Unlike voluntary frameworks, this is not optional.

Cookie Use on Our Site

To ensure the smooth functioning of our website, we use a limited number of cookies. These cookies are essential for providing you with the services available on our website and to use some of its features. Here is a brief overview:
  • vucavoid_session: This cookie is essential for user authentication. It ensures that your session is secure and recognizes you as you navigate through our site.
  • XSRF-TOKEN: This cookie is critical for website security. It helps protect against cross-site request forgery attacks.
  • latest_marketing_banner_visible_{MARKETING_BANNER_ID}: This cookie simply remembers if you have seen our latest site banner, enhancing your browsing experience without tracking your personal data.

These cookies are strictly necessary to deliver the website, and therefore, we do not require your consent to place these cookies. For more information, please visit our Privacy Policy.