DORA: Digital Operational Resilience Act

A summary of our articles, wikis, e-papers and services about DORA, the Digital Operational Resilience Act.


DORA, the Digital Operational Resilience Act will come into force on 17th January 2025. DORA creates a binding, ICT risk management framework for financial sector organisations operating in European Member States.

DORA contains a large number of requirements covering a wide range of topics. Some of these will be new to financial organisaitons, while others are likely to have already been implemented under previous legislation. Either way, it is important to determine what your organisation needs to do to ensure compliance.

DORA compliance
in four steps

At the heart of DORA compliance is ICT risk management.

The DORA process has four steps – Discover, Offer, Request and Acknowledge. These are designed to mitigate operational resilience risks.

  • Decide who should be involved and who will be responsible for each of the different DORA topics within your organisation.
  • Identify which DORA documents and processes apply to you and bring together a project team.
  • Perform a gap analysis to review your current processes and documentation, determining how DORA compliant you are and identifying the gaps.
  • Create and implement follow-up actions to ensure that you are DORA compliant.
  • Finally, set up a programme to assess and monitor the effectiveness of the actions you are about to implement.

Digital resilience trainings

Through our training institute, The Ministry of Compliance, we offer practical training to enhance your organisation’s digital resilience: