DORA

Digital Operational Resilience Act

DORA (Digital Operational Resilience Act) is an EU regulation that establishes uniform requirements for digital resilience in the financial sector. Its goal is to ensure that banks, insurers, investment firms and their technology suppliers can withstand, respond to and recover from all kinds of ICT-related disruptions and threats. DORA requires, among other things, comprehensive ICT risk management, operational resilience testing (including advanced threat-led penetration testing, TLPT), ICT vendor risk management, incident reporting, and threat information sharing.

When it took effect:

The regulation entered into force on January 16, 2023, and has been directly applicable (without the need for national transposition) since January 17, 2025. This means that, as of that date, entities covered by DORA must fully comply with its requirements.

Who it applies to:

DORA covers virtually the entire financial sector: banks, insurance and reinsurance companies, investment firms, payment institutions, e-money institutions, investment funds, central counterparties (CCPs), trade repositories, crowdfunding platforms, crypto-asset service providers and, crucially, the third-party ICT service providers to these entities (cloud providers, software vendors, data centers, managed service providers). If your company provides technology or IT services to the financial sector, DORA most likely applies to you as well.

Penalties:

Penalties for financial institutions are set by national financial supervisory authorities (in Poland, the FSA) in accordance with national regulations. For critical third-party ICT service providers under direct EU supervision, the regulation provides for periodic penalties of up to 1% of average daily global turnover for each day of non-compliance, for a period not exceeding 6 months. These fines can be up to €5 million. In addition, regulators may bar managers from holding management positions.

Do you work in the financial sector or provide technology to financial companies?

Our Regulatory Compliance Report will precisely map DORA requirements to your situation, from ICT risk management, through vendor contracts, to testing and reporting obligations. Each requirement is documented with a quotation from the regulation, its fulfilment status and its priority. Ideal preparation for discussions with the regulator or auditor. From 499 PLN net, report ready in 48 hours.