DORA (Digital Operational Resilience Act)

The Digital Operational Resilience Act (Regulation (EU) 2022/2554, in force from 17 January 2025) creates a binding ICT risk-management framework for the EU financial sector. It applies to 20 categories of financial entity and to their critical ICT third-party service providers: including, in many cases, virtual data room providers.

See DORA for VDRs.

Published: May 2026. Updated: 18 June 2026.