DORA is applicable to a wide range of organisations in the financial sector, including banks, insurance companies, investment firms, pension companies and credit rating agencies.  If your organisation needs to be registered with a financial authority in Europe, it is quite likely that it is scope of DORA.  

DORA also applies to major third-party ICT service providers that support in-scope financial institutions.   The current understanding is that this only covers those organisations providing fundamental, significant services to multiple financial institutions, such as data centres, major services such as Microsoft Azure and Amazon Web Services (AWS), etc.  

As DORA is a piece of EU legislation, only organisations operating in the EU or ICT service providers that support financial organisations operating in the EU are in scope.

DORA - The Digital Operations Resilience Act

Published on
5 Jun
2025

URM’s blog discusses the EU’s Digital Operation’s Resilience Act (DORA), explaining who it will apply to, its requirements, how it will be enforced, and more.

Read more
"
The partnership approach URM takes is genuine. Our relationship with URM is not hard-nosed or overly commercialised, and feels much closer to a partnership arrangement than any other security consultancy providers we have worked with. If we had a new piece of work that we needed external help with, URM would be our first port of call for assistance.
CISO at University of Surrey
contact US

Let us help you

Let us help you in your compliance journey by completing the form and letting us know how we can best support you.