Skip to main content

Overview

FieldValue
CELEX32022R2554
StatusActive
Articles64
Recitals106
EUR-LexView Official Text

Compliance Deadlines

DateTypeDescription
2023-01-16Entry into forceRegulation enters into force
2025-01-17Full applicationFull application of all requirements

Stakeholder Roles

DORA defines obligations for the following stakeholder roles:
  • manufacturer - ICT service providers and tool developers
  • importer - Entities importing ICT services into the EU
  • distributor - Financial entities using ICT services
  • authorized_representative - EU representatives for third-country providers
  • notified_body - Oversight bodies for critical ICT providers
  • market_surveillance - Competent authorities and ESAs
  • consumer - Financial service end users

Requirement Types

Requirements in DORA are classified as:
  • obligation - Mandatory ICT risk management requirements
  • prohibition - Restricted practices and dependencies
  • right - Rights of financial entities and users
  • procedure - Incident reporting and testing procedures
  • general - General provisions and definitions

API Usage

Key Topics

  • ICT risk management framework
  • ICT-related incident reporting
  • Digital operational resilience testing
  • ICT third-party risk management
  • Information and intelligence sharing
  • Critical ICT third-party provider oversight