EUR · Framework

DORA — Digital Operational Resilience Act

DORA sets uniform rules on information and communication technology (ICT) risk for the European financial sector, so that firms can withstand, respond to and recover from ICT disruptions and threats.

What it is

Regulation (EU) 2022/2554 harmonises ICT risk requirements across the EU financial sector into one directly applicable regulation. It entered into force on 16 January 2023 and has applied since 17 January 2025, replacing the patchwork of national and sectoral ICT rules that preceded it.

European Union · Applies since 17 January 2025

Who it binds

Financial entities: banks, insurers, investment firms, payment institutions, crypto-asset service providers and similar regulated firms. ICT third-party providers designated as critical are brought in through a separate oversight framework run by the European Supervisory Authorities, rather than by the full set of entity obligations.

Key obligations

  • An ICT risk-management framework owned and approved by the management body
  • Classification of ICT-related incidents and reporting of major incidents to the competent authority, with voluntary notification of significant cyber threats
  • Digital operational resilience testing, including threat-led penetration testing (TLPT) at least every three years for entities designated by their authority
  • Management of ICT third-party risk, including contractual requirements, exit strategies and concentration risk
  • Arrangements for sharing cyber threat information and intelligence between financial entities

How CCI addresses it

DORA-MAST assesses ICT risk and resilience against the regulation's requirements; cVaR expresses cyber value-at-risk in financial terms for the management body's risk reporting; EviGen collects the evidence that the controls operate; threat-led testing is delivered with PenTeva.


Official source

Regulation (EU) 2022/2554

https://eur-lex.europa.eu/eli/reg/2022/2554/oj

The linked text is the authoritative legal or standards source. CCI maps to it; it is not a CCI publication.
