DORA (Digital Operational Resilience Act)
The Digital Operational Resilience Act is a European Union regulation effective January 2025 requiring financial services firms to manage information and communications technology (ICT) third-party risk systematically, including concentration risk, contractual requirements, and incident reporting for critical technology providers. DORA has elevated third-party cyber risk management from best practice to regulatory obligation for European financial institutions and their global supply chains.