DORA-REG
EU digital resilience regulation for finance.
Definition
DORA applies from 17 January 2025. Requires ICT third-party mapping, Threat-Led Penetration Testing (TLPT) for major actors, major incident classification with reporting to competent authority within 4 hours. Addressed to banks, insurers, asset managers, MIs, CSDs, crypto exchanges.
Origin
Adopted 14 December 2022 ; Official Journal 27 December 2022.
Example in context
A Dutch bank suffers a cyber attack 15 February 2025 — DORA incident escalation to DNB within 4 hours.
Related terms
- NIS2 Directive — general EU cyber.