ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

DORA-EU-REGULATION-DETAIL

DORA EU Regulation detail compliance regulation modern detailed.

Definition

DORA (Digital Operational Resilience Act) detail covers the technical details + scope + obligations of EU Regulation 2022/2554 published 27 December 2022 (entry into force 16 January 2023, application 17 January 2025) harmonising operational resilience requirements EU financial services entities + their Critical Third-Party Providers (CTPPs incl cloud providers AWS + Azure + GCP + multiple SaaS), includes ICT risk management + incident reporting + digital operational resilience testing + ICT third-party risk + information sharing. Technical detail + application scope + compliance obligations + non-compliance sanctions + reporting processes + impact on in-scope companies + alignment with adjacent national + international regulations + governance + supervisory authorities + implementation timeline + transitions + case law + industry best practices documentation adoption.

Origin

EU Regulation 2022/2554 DORA published 27 December 2022 ; entry into force 16 January 2023 ; application 17 January 2025 ; ESAs + ENISA + national competent authorities supervisory.

Example in context

European bank BNP Paribas implements DORA compliance program 2024-2025: (1) ICT Risk Management Framework documented + Board-approved, (2) Major incident classification + reporting procedures (e.g., ransomware affecting trading systems triggers 4-hour initial notification + 72-hour intermediate report + final report ECB+ACPR), (3) Threat-Led Penetration Testing TLPT every 3 years on critical systems, (4) ICT third-party risk register all material outsourcing arrangements (cloud + SaaS providers monitored).

Last updated: May 16, 2026