Digital Operational Resilience Act DORA

What you need to know.

• 5 pillars: ICT risk management, incident reporting, digital operational resilience testing, third-party risk, information sharing
• Applies to: banks, insurance, investment firms, crypto-asset service providers
• Critical third-party providers (CTPPs) designated by ESAs
• Annual ICT risk assessment required
• Major ICT incident reporting within strict timelines