DORA is applicable to a wide range of organisations in the financial sector, including banks, insurance companies, investment firms, pension companies and credit rating agencies. If your organisation needs to be registered with a financial authority in Europe, it is quite likely that it is scope of DORA.
DORA also applies to major third-party ICT service providers that support in-scope financial institutions. The current understanding is that this only covers those organisations providing fundamental, significant services to multiple financial institutions, such as data centres, major services such as Microsoft Azure and Amazon Web Services (AWS), etc.
As DORA is a piece of EU legislation, only organisations operating in the EU or ICT service providers that support financial organisations operating in the EU are in scope.
Achieve Full DORA Compliance with Confidence
Close your compliance gaps with expert support. We’ll deliver tailored, actionable recommendations to ensure you meet DORA requirements and protect your operations.
Find out more
related BLog
DORA - The Digital Operations Resilience Act
Published on
5 Jun
2025
URM’s blog discusses the EU’s Digital Operation’s Resilience Act (DORA), explaining who it will apply to, its requirements, how it will be enforced, and more.
Read more
"
We would like to pass on our gratitude to our consultant for all his hard work and advice during our 3-year re-certification and assessment against the new Standard. After seven days of auditing, we have two OFIs that the assessors have put forward from the audits. This pays testament to our URM consultant, his hard work, eye for detail and advice given, both during the audits and during all the works beforehand.
contact US
Let us help you
Let us help you in your compliance journey by completing the form and letting us know how we can best support you.