I
Impetora
Regulation

DORA

The Digital Operational Resilience Act (DORA) is an EU regulation that sets uniform requirements for the digital operational resilience of financial entities, including their use of AI and ICT third-party service providers.

What is DORA?

DORA applies from January 2025 to banks, insurers, investment firms, payment institutions, and many of their critical ICT providers. Requirements cover ICT risk management, incident reporting, digital operational resilience testing, third-party risk management, and information sharing. AI systems supplied to financial entities must support DORA's testing, monitoring, and exit-strategy obligations.

How does DORA apply to enterprise AI?

Any AI vendor selling into EU financial services must be ready for DORA-aligned diligence: documented incident processes, testing evidence, contractual sub-contracting controls, and exit plans.

Related terms

Regulation

EU AI Act

The EU AI Act (Regulation (EU) 2024/1689) is the European Union's horizontal regulation for AI, classifying systems by risk and imposing obligations on providers, deployers, importers, and distributors.
Regulation

GDPR

The General Data Protection Regulation (GDPR) is the EU's data-protection regulation, governing the processing of personal data of people in the EU and EEA.
Methodology

Sub-processor

A sub-processor is a third party that processes personal data on behalf of a processor, typically an infrastructure or software vendor sitting beneath the primary service provider.

External references

Impetora

Need help applying DORA to your enterprise? Submit a short brief and we reply within one business day.

Submit a projectBack to glossary
Discovery call

Book a discovery call

Tell us what you would like to build. We reply within one business day.

30-minute call. Free of charge. No obligation.