Get ready for the DORA regulation
DORA (Digital Operational Resilience Act) is a regulation of the European Union aimed at strengthening the digital operational resilience of the financial sector.
Sectors Affected
Estimated Companies Involved
Entered into force on
Effective since
DORA Obligations and Technical Requirements
Start preparing your compliance plan now: align with regulatory obligations and standards to avoid heavy penalties and seize all opportunities for your business.
Key Obligations
To manage ICT risk, financial institutions must adopt a clear framework with defined roles and responsibilities.
DORA RTS and ITS
The European Supervisory Authorities (ESAs) develop Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) to provide detailed guidance on the DORA Regulation and operational references for financial entities. These technical standards cover:
Which financial entities are involved?
The DORA regulation applies to financial entities and ICT service providers, taking into account the differences between financial organizations in terms of size, business profiles, and exposure to digital risks. Compliance measures may vary depending on the complexity and significance of the financial entity involved.
Financial Sector
Is your company subject to the regulation?
Contact us to verify if you fall within the scope of DORA.
We will support you on the path to compliance through a strategic and operational approach tailored to your business.
How can we help you?
Get ready for DORA with our cybersecurity services.
Scope of application
We offer an advisory service in collaboration with partners such as international law firms, cybersecurity experts, and data privacy specialists.
Our consultancy determines the applicability of the regulation to your company, whether you are a financial entity or an ICT provider.

DORA Gap Analysis
We evaluate compliance with the regulation’s requirements. This service helps identify non-compliant areas and develop an action plan to address the gaps. It includes:
- Cyber Risk Assessment, to identify and mitigate operational risks related to non-compliance.
- Requirements Mapping and Gap Analysis, through the assessment of reporting and incident notification capabilities to pinpoint discrepancies.
- Sustainable and Proportional Roadmap, with clearly defined roles, responsibilities, and priorities for a structured compliance plan.

Digital Operational Resilience Testing
We provide a certified ethical hacking team to implement a robust and comprehensive testing plan. This includes advanced cybersecurity tests, such as Threat-Led Penetration Testing (TLPT), which must be conducted at least every three years for critical financial entities.

Cybersecurity Training
We promote a cybersecurity training plan to ensure that all staff, including executives, are equipped to handle cyber risks and threats. It includes:
- Security Awareness, to enhance ICT security awareness among employees and management.
- Specific Modules, covering practices for crisis management, operational continuity, and incident response.

Take a step toward a safer future
Contact us for a free consultation and discover how to achieve and maintain compliance with DORA.