DORA has applied to all financial entities in the EU since January 2025. With fines of up to 1% of daily turnover and direct supervisory scrutiny, DORA is not something that can be postponed.
The Digital Operational Resilience Act (DORA) is an EU regulation that has applied since January 2025 to banks, insurers, investment firms, payment service providers and other financial market participants. DORA sets specific requirements for ICT risk management, incident reporting and — particularly importantly — the management of ICT third-party risks.
The most demanding part of DORA is the management of ICT third-party risks. Financial entities must maintain a complete register of all ICT third-party providers, identify critical providers, adjust contracts and ensure continuous monitoring.
Technology Partner for DORA Art. 28-44
For DORA-compliant ICT third-party risk management, we use 360TPRM by Darkscope — automatic ICT third-party register, continuous monitoring and complete audit documentation for regulatory inspections.
DORA is lex specialis relative to NIS2 — for ICT-specific requirements, DORA takes precedence. However, financial entities are subject to both regulations simultaneously. For physical security and non-ICT supply chains, NIS2 remains fully in force. We advise you on both frameworks in an integrated approach.