Financial Entity
A financial entity is any organisation listed in DORA Article 2 that falls within the regulation's scope, including credit institutions, payment and e-money institutions, investment firms, insurers, crypto-asset service providers, and around twenty other categories. Financial entities bear the primary obligations across all five DORA pillars.
Detailed explanation
DORA takes a deliberately broad, functional view of the financial sector. Article 2 enumerates the entity types in scope, ranging from traditional banks and insurers to newer categories such as crypto-asset service providers and account information service providers. The definition is what determines whether an organisation must build an ICT risk-management framework, report major incidents, test its resilience, and manage third-party risk. DORA applies the principle of proportionality: obligations scale with an entity's size, risk profile, and systemic importance, and a simplified regime applies to smaller and less complex entities such as small non-interconnected investment firms and micro-enterprises. Entities that are also ICT third-party providers to other financial entities can face obligations from both directions. Because the classification drives the entire compliance burden, confirming which Article 2 category applies, and whether the simplified regime is available, is usually the first step in any DORA readiness assessment.
In context
This term relates to the ICT Risk Management pillar and is grounded in DORA Article 2.