DORA

Digital Operational Resilience Act (Regulation (EU) 2022/2554)

In application since 17 January 2025

DORA is the EU's digital operational resilience regime for the financial sector: ICT risk management, incident reporting, resilience testing, and — its sharpest edge — direct oversight of critical third-party ICT providers. It applies to banks, payment and e-money institutions, investment firms, crypto-asset service providers and insurers operating in the EU.

Since 17 January 2025 DORA applies directly, and supervisory attention has shifted to implementation detail: registers of information, threat-led penetration testing, subcontracting chains and incident-classification practice. Third-country firms serving EU clients feel it through their EU entities and vendors.

This page tracks DORA-related supervisory publications, guidance and equivalent operational-resilience regimes emerging in other jurisdictions, updated same-day.

Instrument:
Regulation (EU) 2022/2554 — directly applicable
In application:
17 January 2025
Scope:
Banks, PSPs/EMIs, investment firms, CASPs, insurers + critical ICT providers
Analogues:
APRA CPS 230 (AU), Bank of England/PRA operational-resilience rules (UK)

Email alerts for DORA updates

New circulars, rules and guidance — a digest in your inbox, same day.

Latest tracked documents (162)

2026-06-15

Summary of the RTGS CHAPS Industry Forum

Bank of England

United Kingdom

BOE

2026-06-11

ICT Self-Assessment Tool 2026

Central Bank of Ireland

Ireland

CBI

2026-06-08

Law on Markets in Financial Instruments

Financial Supervision Commission Bulgaria

Bulgaria

FSC

2026-05-29

Superintendent Resolution No. 059-2026-SMV/02

Superintendencia del Mercado de Valores (Peru)

Peru

SMV

2026-05-29

Law on Crypto-Asset Markets

Financial Supervision Commission Bulgaria

Bulgaria

FSC

2026-05-15

The Bank, FCA and HM Treasury joint statement on Frontier AI models and cyber resilience

Bank of England

United Kingdom

BOE

2026-05-05

GFSC Guidance Note on Outsourcing and Third Party Risk Management for Banks and Insurers

Gibraltar Financial Services Commission

Gibraltar

GFSC

2026-03-27

Notice of Consultation Paper Release: CP 170

Dubai Financial Services Authority

United Arab Emirates

DFSA

2026-03-10

Supervisory Expectations for CASPs

Central Bank of Ireland

Ireland

CBI

2026-02-23

Guide to Submitting DORA Registers of Information on the Central Bank of Ireland Portal

Central Bank of Ireland

Ireland

CBI

2026-02-13

Circular RUNOR 1-1947 CREFI 2-143: Minimum Requirements for the Management and Control of Technology and Information Security Risks. Expansion to Financial Entities. Update.

Banco Central de la Republica Argentina

Argentina

BCRA

2025-12-18

Final report on guidelines on internal controls for benchmark administrators, credit rating agencies and market transparency infrastructures

European Securities and Markets Authority

European Union

ESMA

2025-11-11

Omni-Risk Return Industry Workshop Presentations

Financial Sector Conduct Authority

South Africa

FSCA

2025-10-31

Regulation on Minimum Requirements for the Anti-Fraud System Against Internal and External Fraud in Payment Organizations/Payment System Operators of the Kyrgyz Republic

National Bank of the Kyrgyz Republic

Kyrgyzstan

NBKR

2025-10-20

Digital Dependency in the Financial Sector

Autoriteit Financiele Markten

Netherlands

AFM

2025-09-25

Guidelines on the Responsible Use of Artificial Intelligence in Financial Services

Financial Services Commission Mauritius

Mauritius

FSC

2025-09-17

Regulations amending Finansinspektionen’s regulations regarding occupational pension undertakings (FFFS 2024:32)

Finansinspektionen

Sweden

FI

2025-09-17

Regulations amending Finansinspektionen’s rules on electronic money institutions regarding DORA compliance

Finansinspektionen

Sweden

FI

2025-09-17

Regulations amending Finansinspektionen’s regulations and general guidelines governing payment institutions and registered payment service providers

Finansinspektionen

Sweden

FI

2025-09-17

Regulations amending Finansinspektionen’s regulations regarding Swedish UCITS

Finansinspektionen

Sweden

FI

2025-09-17

Finansinspektionen Regulations on DORA Incident Reporting and Contractual Registers

Finansinspektionen

Sweden

FI

2025-09-17

Regulations amending Finansinspektionen’s rules on operations on trading venues

Finansinspektionen

Sweden

FI

2025-09-17

Regulations amending supervisory reporting for insurance business (FFFS 2024:30)

Finansinspektionen

Sweden

FI

2025-09-17

Regulations amending supervisory reporting for institutions for occupational pension retirement provision

Finansinspektionen

Sweden

FI

2025-09-17

Regulations amending Finansinspektionen’s regulations regarding activities of payment service providers

Finansinspektionen

Sweden

FI

2025-09-17

Recovery Plans for Licensed Banks

Central Bank of Sri Lanka

Sri Lanka

CBSL

2025-09-11

Operational Resilience Framework for Futures Commission Merchants, Swap Dealers, and Major Swap Participants; Withdrawal of Proposed Regulatory Action

Commodity Futures Trading Commission

United States

CFTC

2025-09-01

BCRA Communication A 8315: Guidelines for Risk Management in Financial Entities. Results Distribution. Update of Ordered Texts.

Banco Central de la Republica Argentina

Argentina

BCRA

2025-08-29

Regulation on Information Systems and Cyber Risk Management

Central Bank of the Republic of Kosovo

Kosovo

CBK

2025-08-05

Integrated Management Systems Policy Statement

Nigeria Deposit Insurance Corporation

Nigeria

NDIC

Showing the 30 most recent of 162.