DORA is enforced by designated regulators in each EU member state, known as competent authorities.  These competent authorities can request that financial organisations implement specific security measures and remediate vulnerabilities.  Meanwhile, EU member states can impose penalties on organisations that fail to comply.  The nature of these penalties is decided by each member state.  

ICT service providers classified as critical by the European Commission are directly supervised by the European Supervisory Authorities (ESAs), which have similar powers to competent authorities (i.e., requesting the implementation of security measures and the remediation of vulnerabilities).  ESAs also have the power to fine non-compliant ICT service providers up to 1% of their average daily worldwide turnover.

DORA - The Digital Operations Resilience Act

Published on 5 Jun 2025

URM’s blog discusses the EU’s Digital Operational Resilience Act (DORA), explaining who it will apply to, its requirements, how it will be enforced, and more.
