DORA is applicable to a wide range of organisations in the financial sector, including banks, insurance companies, investment firms, pension companies and credit rating agencies. If your organisation needs to be registered with a financial authority in Europe, it is quite likely that it is scope of DORA.
DORA also applies to major third-party ICT service providers that support in-scope financial institutions. The current understanding is that this only covers those organisations providing fundamental, significant services to multiple financial institutions, such as data centres, major services such as Microsoft Azure and Amazon Web Services (AWS), etc.
As DORA is a piece of EU legislation, only organisations operating in the EU or ICT service providers that support financial organisations operating in the EU are in scope.
Achieve Full DORA Compliance with Confidence
Close your compliance gaps with expert support. We’ll deliver tailored, actionable recommendations to ensure you meet DORA requirements and protect your operations.
Find out more
related BLog
DORA - The Digital Operations Resilience Act
Published on
5 Jun
2025
URM’s blog discusses the EU’s Digital Operation’s Resilience Act (DORA), explaining who it will apply to, its requirements, how it will be enforced, and more.
Read more
"
We've been using URM for our PCI DSS assessments for the last 5 years and we are pleased with their service. The assessment is always completed promptly, the price is competitive, and communication is great. We'll keep using them and are happy to recommend URM to anyone.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.