Regulation (EU) 2022/2554 · Applies since 17 January 2025
DORA Compliance Resource Center
The independent encyclopedia, provider directory, and readiness tools for the EU Digital Operational Resilience Act. Neutral, sourced, and updated monthly.
- Updated weekly
- 19 verified providers
- 13 glossary terms
- 21 regulation articles
- Published methodology
The five pillars of DORA
DORA organises operational-resilience obligations into five areas. Each links to a deep-dive with the relevant articles.
ICT Risk Management
Governance, frameworks, and controls for managing ICT risk across the financial entity.
ICT Incident Reporting
Classifying, managing, and reporting major ICT-related incidents to competent authorities.
Digital Resilience Testing
Regular testing of ICT systems, including threat-led penetration testing (TLPT).
ICT Third-Party Risk
Managing risk from ICT third-party providers, including the register of information.
Information Sharing
Voluntary exchange of cyber-threat intelligence between financial entities.
Verified DORA providers
Ranked against our published methodology. Every profile lists strengths and limitations.
Deloitte
Big 4
Deloitte is a Big Four network delivering DORA readiness assessments, ICT and operational-resilience advisory, third-party risk management, and threat-led penetration testing (TLPT) support. It serves the largest EU banks, insurers, and market infrastructures alongside a growing fintech practice.
PwC
Big 4
PwC is one of the Big Four professional-services networks, offering DORA gap assessments, ICT risk-management advisory, third-party risk programmes, and resilience-testing support across the full range of EU financial entities. Its scale and regulatory relationships make it a common choice for large, complex institutions.
EY
Big 4
EY (Ernst & Young) is a Big Four network providing DORA readiness and gap assessments, ICT and cyber-risk advisory, third-party risk programmes, and operational-resilience testing. It works across banking, insurance, and capital-markets clients throughout the EU.
KPMG
Big 4
KPMG is a Big Four network offering DORA gap analysis, ICT risk-management frameworks, third-party risk advisory, and regulatory-reporting support. With its global headquarters in the Netherlands, it maintains a strong EU-centred regulatory practice.
Latest guides
What is DORA? Scope, timeline, and who must comply
A plain-English overview of the Digital Operational Resilience Act, its five pillars, and the January 2025 application date.
Read guideComparisonDORA vs NIS2: how the two EU frameworks differ
Where DORA and NIS2 overlap, where they diverge, and which one applies to your organisation.
Read guideLead magnetThe complete DORA compliance checklist
Every requirement across the five pillars, mapped to the relevant articles, free PDF and spreadsheet.
Read guideNot sure where your DORA programme stands?
Answer 20 questions across the five pillars and get a scored readiness report with prioritised next steps.