DORA (Digital Operational Resilience Act)

The Digital Operational Resilience Act (Regulation (EU) 2022/2554, in force from 17 January 2025) creates a binding ICT risk-management framework for the EU financial sector. It applies to 20 categories of financial entity and to their critical ICT third-party service providers — including, in many cases, virtual data room providers.