DORA is applicable to a wide range of organisations in the financial sector, including banks, insurance companies, investment firms, pension companies and credit rating agencies. If your organisation needs to be registered with a financial authority in Europe, it is quite likely that it is scope of DORA.
DORA also applies to major third-party ICT service providers that support in-scope financial institutions. The current understanding is that this only covers those organisations providing fundamental, significant services to multiple financial institutions, such as data centres, major services such as Microsoft Azure and Amazon Web Services (AWS), etc.
As DORA is a piece of EU legislation, only organisations operating in the EU or ICT service providers that support financial organisations operating in the EU are in scope.
Achieve Full DORA Compliance with Confidence
Close your compliance gaps with expert support. We’ll deliver tailored, actionable recommendations to ensure you meet DORA requirements and protect your operations.
Find out more
related BLog
DORA - The Digital Operations Resilience Act
Published on
5 Jun
2025
URM’s blog discusses the EU’s Digital Operation’s Resilience Act (DORA), explaining who it will apply to, its requirements, how it will be enforced, and more.
Read more
"
After a bad experience with a previous provider, we looked to URM for QSA support. The URM QSA we have worked with is phenomenal, and considerably better than our previous QSAs. My team enjoy working with him, and find him to be extremely credible and effective.
CISO at University of Surrey
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.