Skip to main content
DORA Auditor

DORA for Crypto-Asset Service Providers (CASPs)

Last updated: 2 authoritative sourcesDORA Auditor Editorial Team

Crypto-asset service providers (CASPs)authorised under MiCA, and issuers of asset-referenced tokens, are within DORA's scope under Article 2. As newly regulated entities they must build DORA compliance alongside MiCA authorisation, covering all five pillars. DORA has applied since 17 January 2025.

MiCA and DORA together

MiCA governs authorisation and conduct for crypto-asset services; DORA governs their digital operational resilience. CASPs typically face both at once, often from a lower compliance baseline than incumbent financial entities. See our DORA vs MiCA overlap.

Where CASPs are exposed

Getting started

Stand up the ICT risk-management framework, inventory third parties into the register of information, and benchmark with the best DORA auditors for crypto.

Frequently asked questions

Are CASPs really covered by DORA?
Do CASPs have to comply with both MiCA and DORA?
What is the hardest part of DORA for crypto firms?

Sources

  1. Regulation (EU) 2022/2554 (DORA), EUR-Lex
  2. ESMA, Digital Operational Resilience Act (DORA)