Skip to main content
DORA Auditor

DORA Requirements: The Five Pillars

Last updated: 1 authoritative sourceDORA Auditor Editorial Team

DORA's requirements are organised into five pillars. Together they require financial entities to govern ICT risk, report major incidents, test their resilience, manage third-party dependencies, and, optionally, share threat intelligence. Each pillar below links to a detailed deep-dive with the relevant articles.

The five pillars at a glance

Where to start

Most entities begin with the ICT risk-management framework and the register of information, since these underpin the other pillars. Use our Readiness Score to see which pillars need the most attention, or work through the compliance checklist.

Frequently asked questions

How many pillars does DORA have?
Are all five DORA pillars mandatory?
Which DORA requirements should a firm address first?

Sources

  1. Regulation (EU) 2022/2554 (DORA), EUR-Lex