Digital Operational Resilience Act (Regulation (EU) 2022/2554)
In application since 17 January 2025
DORA is the EU's digital operational resilience regime for the financial sector: ICT risk management, incident reporting, resilience testing, and — its sharpest edge — direct oversight of critical third-party ICT providers. It applies to banks, payment and e-money institutions, investment firms, crypto-asset service providers and insurers operating in the EU.
Since 17 January 2025 DORA applies directly, and supervisory attention has shifted to implementation detail: registers of information, threat-led penetration testing, subcontracting chains and incident-classification practice. Third-country firms serving EU clients feel it through their EU entities and vendors.
This page tracks DORA-related supervisory publications, guidance and equivalent operational-resilience regimes emerging in other jurisdictions, updated same-day.
Summary of the RTGS CHAPS Industry Forum
United Kingdom
BOE
ICT Self-Assessment Tool 2026
Ireland
CBI
Law on Markets in Financial Instruments
Bulgaria
FSC
Superintendent Resolution No. 059-2026-SMV/02
Peru
SMV
Law on Crypto-Asset Markets
Bulgaria
FSC
The Bank, FCA and HM Treasury joint statement on Frontier AI models and cyber resilience
United Kingdom
BOE
GFSC Guidance Note on Outsourcing and Third Party Risk Management for Banks and Insurers
Gibraltar
GFSC
Notice of Consultation Paper Release: CP 170
United Arab Emirates
DFSA
Supervisory Expectations for CASPs
Ireland
CBI
Guide to Submitting DORA Registers of Information on the Central Bank of Ireland Portal
Ireland
CBI
Circular RUNOR 1-1947 CREFI 2-143: Minimum Requirements for the Management and Control of Technology and Information Security Risks. Expansion to Financial Entities. Update.
Argentina
BCRA
Final report on guidelines on internal controls for benchmark administrators, credit rating agencies and market transparency infrastructures
European Union
ESMA
Omni-Risk Return Industry Workshop Presentations
South Africa
FSCA
Regulation on Minimum Requirements for the Anti-Fraud System Against Internal and External Fraud in Payment Organizations/Payment System Operators of the Kyrgyz Republic
Kyrgyzstan
NBKR
Digital Dependency in the Financial Sector
Netherlands
AFM
Guidelines on the Responsible Use of Artificial Intelligence in Financial Services
Mauritius
FSC
Regulations amending Finansinspektionen’s regulations regarding occupational pension undertakings (FFFS 2024:32)
Sweden
FI
Regulations amending Finansinspektionen’s rules on electronic money institutions regarding DORA compliance
Sweden
FI
Regulations amending Finansinspektionen’s regulations and general guidelines governing payment institutions and registered payment service providers
Sweden
FI
Regulations amending Finansinspektionen’s regulations regarding Swedish UCITS
Sweden
FI
Finansinspektionen Regulations on DORA Incident Reporting and Contractual Registers
Sweden
FI
Regulations amending Finansinspektionen’s rules on operations on trading venues
Sweden
FI
Regulations amending supervisory reporting for insurance business (FFFS 2024:30)
Sweden
FI
Regulations amending supervisory reporting for institutions for occupational pension retirement provision
Sweden
FI
Regulations amending Finansinspektionen’s regulations regarding activities of payment service providers
Sweden
FI
Recovery Plans for Licensed Banks
Sri Lanka
CBSL
Operational Resilience Framework for Futures Commission Merchants, Swap Dealers, and Major Swap Participants; Withdrawal of Proposed Regulatory Action
United States
CFTC
BCRA Communication A 8315: Guidelines for Risk Management in Financial Entities. Results Distribution. Update of Ordered Texts.
Argentina
BCRA
Regulation on Information Systems and Cyber Risk Management
Kosovo
CBK
Integrated Management Systems Policy Statement
Nigeria
NDIC
Showing the 30 most recent of 162.