DORA - Digital Operational Resilience Act
DORA is an EU regulation that, starting in January 2025, will impose mandatory requirements on financial firms regarding digital operational resilience, ICT risk management, and incident reporting.
Summary: EU Regulation (2022/2554) on digital operational resilience in the financial sector. Mandatory for 20 categories of financial firms as of January 17, 2025. Regulates ICT risk management, incident reporting, and resilience testing.
About the Author
Dipl.-Math. (WWU Münster) and doctoral candidate at the Promotionskolleg NRW (Hochschule Rhein-Waal) with a research focus on phishing awareness, behavioral security and nudging in IT security. Responsible for building and maintaining ISMS, leads internal audits according to ISO/IEC 27001:2022 and advises as an external information security officer (ISB) in KRITIS sectors. Lecturer in Communication Security at Hochschule Rhein-Waal and NIS2 training lead at isits AG.
3 publications
- Different Seas, Different Phishes - Large-Scale Analysis of Phishing Simulations Across Different Industries (2025)
- Self-promotion with a Chance of Warnings: Exploring Cybersecurity Communication Among Government Institutions on LinkedIn (2024)
- Exploring the Effects of Cybersecurity Awareness and Decision-Making Under Risk (2024)