Overview of key EU regulations in the digital area

Digital Operational Resilience Act

Financial entities and related ICT providers need to comply with the Digital Operational Resilience Act by 17 January 2025. In addition to the regulation, several DORA technical standards (RTS) have been published. In the table on this page you’ll find all the last relevant documents. This table has been last updated in August 2024. In case any new materials are published by the European Supervisory Authorities (ESA’s)  this page accordingly.

The aim of this page is provide for easy access to all relevant resources, happy reading!

NEW

Answer 8 questions to easily determine if an incident needs to be reported to the competent authorities under DORA.

DORA Incident Classification Tool
Document title Topic
Digital Operational Resilience Act
Main Act
Final Report on draft RTS on classification of major incidents and significant cyber threats
Major incidents
Final report on draft RTS on the content of the notification and reports for major incidents and significant cyber threats and determining the time limits for reporting major incidents; and draft ITS on the standard forms, templates and procedures for financial entities to report a major incident and to notify a significant cyber threat
Major incidents
Final report on draft RTS to specify the policy on ICT services supporting critical or important functions
Policy
Final report on draft RTS on Register of Information
Register of Information (third parties)
Register Information Templates Illustration
Register of Information (third parties)
Final report on draft RTS on ICT Risk Management Framework and on simplified ICT Risk Management Framework
ICT Risk Management Framework
Final report on draft RTS to specify the elements which a financial entity needs to determine and assess when subcontracting ICT services supporting critical or important functions
Subcontracting
Final Report on draft RTS specifying elements related to threat led penetration tests
Threat Led Penetration Testing
Final Report on Joint guidelines on the estimation of aggregated annual costs and losses caused by major ICT-related incidents
Cost/losses of major incidents
Final Report on draft RTS on the harmonisation of conditions enabling the conduct of the oversight activities
Oversight harmonisation
Final Report on Joint Guidelines on the oversight cooperation and information exchange between the ESAs and the competent authorities
Oversight cooperation and information exchange

Want to receive DORA updates?

This website is powered by RiskNow – The Governance, Risk and Compliance (GRC) SaaS solution with the ultimate user experience. Get rid of your legacy GRC system and join us!

Disclaimer: the information on this website is for informational purposes only. While we strive to ensure the accuracy and reliability of the information, we are not liable for any errors or omissions. For the most accurate and official information, we kindly refer to the official website of the European Union.