Digital Operational Resilience Act.
DORA establishes uniform requirements for digital operational resilience in the EU financial sector. It mandates ICT risk management frameworks, incident reporting, resilience testing (including threat-led penetration testing), and third-party ICT provider oversight - ensuring financial institutions can withstand, respond to, and recover from ICT disruptions.
Maximum penalty
€5M or 1% global turnover
Source: Article 50
Key requirements
ICT risk management framework with board accountability
Major ICT incident reporting to competent authorities
Digital operational resilience testing (TLPT for significant entities)
Third-party ICT provider risk management and oversight
+3 more requirements in the complete guide.
Enforcement examples
Application date, January 2025: Financial entities must comply from January 17, 2025; ESAs conducting readiness assessments. Penalty: - (2025)
How Tessera automates DORA compliance
ICT risk management framework mapping and gap analysis
Automated incident classification and regulatory reporting
Third-party provider register with concentration risk monitoring
Resilience testing evidence collection and scheduling
Board-level operational resilience dashboard
DORA compliance checklist
Essential steps to achieve and maintain DORA compliance.
Establish ICT risk management framework with board oversight
Implement major incident classification and reporting process
Maintain register of third-party ICT service providers
+4 more steps in the full checklist.
Industries affected
Calculate your DORA exposure.
See exactly how DORA penalties apply to your revenue and industry profile.