The Definitive Reference
Digital Operational Resilience Act
The complete regulatory reference for DORA compliance. 64 articles analyzed, 5 operational pillars mapped, cross-referenced with RTS/ITS technical standards.
Based on Regulation (EU) 2022/2554
Published in the Official Journal, 27 December 2022
Applicable since 17 January 2025
Why It Matters
Operational Resilience Is No Longer Optional
The Digital Operational Resilience Act represents the most significant regulatory shift for financial sector ICT governance in a decade.
22,000
financial entities in scope across 27 EU member states
Source: DORA Recital (3)
20 categories
of regulated financial entities under DORA Article 2
Source: Art. 2(1)(a)-(t)
17 Jan 2025
full application date — no transition period remains
Source: Art. 64
The Framework
Five Pillars of Digital Resilience
DORA organizes operational resilience requirements into five interconnected pillars, each addressing a critical dimension of digital risk management for financial entities.
ICT Risk Management Framework
Establishes comprehensive requirements for financial entities to identify, protect against, detect, respond to, and recover from ICT-related disruptions. Mandates a robust governan...
ICT-Related Incident Management
Requires financial entities to establish and implement an incident management process for detecting, managing, and reporting ICT-related incidents. Introduces harmonized classifica...
Digital Operational Resilience Testing
Mandates that financial entities establish testing programmes proportionate to their size and risk profile to assess preparedness for ICT disruptions. Includes requirements for bas...
ICT Third-Party Risk Management
Addresses the risks arising from reliance on ICT third-party service providers. Establishes principles for sound management of third-party risk including due diligence, contractual...
Information Sharing
A single-article chapter that encourages financial entities to voluntarily exchange cyber threat intelligence and information about ICT-related vulnerabilities, tactics, techniques...
Case Studies
Real-World DORA Transformations
How financial institutions across Europe are achieving operational resilience compliance — with measurable outcomes.
The 2025 Iberian Blackout: DORA's First Real-World Stress Test
On April 28, 2025, a cascading power failure knocked out 15 GW across Spain and Portugal in five seconds, plunging 60 million people into darkness and crippling financial services infrastructure for hours — just three months after DORA became applicable.
People Affected
ION Trading Group Ransomware Attack: When a Critical Derivatives Infrastructure Provider Goes Dark
On January 31, 2023, the LockBit ransomware group attacked ION Trading Technologies, a Dublin-based provider of critical derivatives trading infrastructure, forcing 42 clients including major clearing firms to revert to manual processing.
Clients Affected
Insights
Expert Analysis & Guides
Deep dives into DORA compliance, regulatory strategy, and operational resilience best practices.
DORA Readiness Gaps: What Supervisors Will Examine First
With DORA (EU) 2022/2554 in force since January 17, 2025, approximately 22,000 EU financial entities per Recital 3 now face supervisory scrutiny across five operational resilience ...
Read more
Why Spreadsheets Fail DORA Compliance: The Operational Reality
With 22,000 EU financial entities now in scope per DORA Recital 3, institutions relying on spreadsheets for compliance face a structural mismatch between their tooling and the regu...
Read morePowered by Valendir
Ready to operationalize your DORA compliance?
Valendir is the Operational Resilience OS trusted by regulated financial institutions to govern, test, prove, and report their compliance posture.
Enterprise-grade · Bank-ready · DORA-native · On-premise capable