DORA is applicable to a wide range of organisations in the financial sector, including banks, insurance companies, investment firms, pension companies and credit rating agencies. If your organisation needs to be registered with a financial authority in Europe, it is quite likely that it is scope of DORA.
DORA also applies to major third-party ICT service providers that support in-scope financial institutions. The current understanding is that this only covers those organisations providing fundamental, significant services to multiple financial institutions, such as data centres, major services such as Microsoft Azure and Amazon Web Services (AWS), etc.
As DORA is a piece of EU legislation, only organisations operating in the EU or ICT service providers that support financial organisations operating in the EU are in scope.
Achieve Full DORA Compliance with Confidence
Close your compliance gaps with expert support. We’ll deliver tailored, actionable recommendations to ensure you meet DORA requirements and protect your operations.
Find out more
related BLog
DORA - The Digital Operations Resilience Act
Published on
5 Jun
2025
URM’s blog discusses the EU’s Digital Operation’s Resilience Act (DORA), explaining who it will apply to, its requirements, how it will be enforced, and more.
Read more
"
I thought the training was very good. It was clear and logical. The trainer was very knowledgeable, approachable and friendly, which makes it easy to stop and ask questions or to clarify a point. I was particularly impressed by his explanation of why we need to be mindful of the language we use and what the standard is actually asking for; most of it is common sense, but understanding what it actually means and what is required is key, so that really resonated with me.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.