DORA is enforced by designated regulators in each EU member state, known as competent authorities. These competent authorities can request that financial organisations implement specific security measures and remediate vulnerabilities. Meanwhile, EU member states can impose penalties on organisations that fail to comply. The nature of these penalties is decided by each member state.

ICT service providers classified as critical by the European Commission are directly supervised by the European Supervisory Authorities (ESAs), which have similar powers to competent authorities (i.e., requesting the implementation of security measures and the remediation of vulnerabilities). ESAs also have the power to fine non-compliant ICT service providers up to 1% of their average daily worldwide turnover.

DORA - The Digital Operational Resilience Act

Published on 5 Jun 2025

URM’s blog discusses the EU’s Digital Operational Resilience Act (DORA), explaining who it will apply to, its requirements, how it will be enforced, and more.
