DORA is enforced by designated regulators in each EU member state, known as competent authorities.  These competent authorities can request that financial organisations implement specific security measures and remediate vulnerabilities.  Meanwhile, EU member states can impose penalties on organisations that fail to comply.  The nature of these penalties is decided by each member state.  

ICT service providers classified as critical by the European Commission are directly supervised by the European Supervisory Authorities (ESAs), which have similar powers to competent authorities (i.e., requesting the implementation of security measures and the remediation of vulnerabilities).  ESAs also have the power to fine non-compliant ICT service providers up to 1% of their average daily worldwide turnover.
