DORA
Digital Operational Resilience
CHAPTER VIII – Delegated acts
Article 57 DORA – Exercise of the delegation
2025-12-03