DORA

In view of the increasing digitalization and interconnectedness in the financial sector and the related risks in the area of information and communication technologies (ICT), Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience in the financial sector, the Digital Operational Resilience Act (DORA), was created to further strengthen digital operational resilience in the EEA financial sector by introducing a harmonized legal framework. DORA not only contains comprehensive provisions for ICT risk management, ICT-related incident handling, digital operational resilience testing and ICT third party risk management, but also extends the previous scope of application (e.g. compared to FMA Directive 2021/3).

The aim of this website is to introduce DORA, provide information on the latest developments and answer frequently asked questions (FAQs). DORA has been applicable to financial intermediaries in the EU since January 17, 2025. In Liechtenstein, the Act of December 5, 2024 implementing Regulation (EU) 2022/2554 on digital operational resilience in the financial sector (EEA-DORA-DG) entered into force on February 1, 2025.