🏆 We helped secure 10% of French MiCA licenses · Fixed fees, no lock-in🏆 We helped secure 10% of French MiCA licenses · Fixed fees, no lock-in🏆 We helped secure 10% of French MiCA licenses · Fixed fees, no lock-in🏆 We helped secure 10% of French MiCA licenses · Fixed fees, no lock-in🏆 We helped secure 10% of French MiCA licenses · Fixed fees, no lock-in🏆 We helped secure 10% of French MiCA licenses · Fixed fees, no lock-in
All articles
Compliance6 min read

DORA: regulation, obligations and compliance

Published on June 23, 2026

DORA (Digital Operational Resilience Act) is the European regulation requiring the financial sector to ensure its operational resilience against digital risks. Unlike a directive, a regulation applies directly, without national transposition.

What is DORA?

DORA aims to harmonize information and communication technology (ICT) risk management across the European financial sector. The goal: ensure financial entities can withstand, respond to and recover from any ICT-related incident.

Who is concerned?

  • Financial entities: banks, insurers, investment firms, payment institutions, crypto-asset service providers…
  • Critical ICT third-party providers (cloud, hosting, software) serving them, now placed under oversight.

The 5 pillars of DORA

  • ICT risk management: governance, identification, protection, detection and response.
  • Management and reporting of major ICT-related incidents.
  • Digital operational resilience testing, including advanced testing (TLPT) for the most critical entities.
  • ICT third-party risk management (contracts, monitoring, exit strategy).
  • Cyber threat information sharing between financial entities.

The sensitive point: ICT providers

DORA requires a precise mapping of your critical providers and strict contractual clauses. It is often the most underestimated work.

How to become compliant?

  • Run a gap analysis against the 5 pillars.
  • Strengthen ICT risk governance and involve the management body.
  • Map critical ICT providers and revise contracts.
  • Set up resilience testing and incident notification mechanisms.

DORA requires a cross-functional approach at the intersection of cybersecurity, risk and legal. Structured support helps avoid blind spots, especially across the ICT subcontracting chain.

Go further

Compliance

A cybersecurity project?

Our experts support you on compliance, audit and operational security.

Contact an expert

We use audience measurement cookies (Google Analytics) to improve your experience. No cookie is set without your consent. Learn more