DORA Implementation Guide
Your Guide to Understanding and Implementing the Digital Operational Resilience Act
Welcome to the DORA Implementation Guide! Our goal is to:
provide you with a no-nonsense, jargon-free explanation of DORA, and
give you a practical guide and assistance for implementing DORA for your organization.
We recommend following the order below but please feel free to jump between the articles in any order you find relevant for you. Join us as we make DORA simple to understand and actionable.
Since DORA is a new regulation and many organizations are implementing compliance just now, a lot of implementation questions and details are still changing and evolving. We will be adding more information and making improvements to this series as things progress. If you have any questions, are missing any information, have suggestions for improvements, or find issues, please don’t hesitate to contact us via this form or send us a message on dora@komply.one.
Get in touch
We hope that this guide will give you the insights and help you need to implement DORA compliance. If you would like some support, please click the button below, and we'll ensure your implementation is a no-frills experience.
DORA Getting Started Guide
For many organizations, implementing DORA compliance is a journey filled with complexities and uncertainties. This article series aims to help you navigate the DORA landscape, offering practical insights, step-by-step guidance, and expert perspectives on how to approach compliance effectively.
Quick background and general information
A simple way of thinking of Digital Operational Resilience Act (DORA) is that it’s like GDPR but for digital products and services instead of personal data and privacy. It’s specifically developed for the financial sector and aims to ensure that companies providing financial services can withstand, respond to, and recover from all types of information and communication technology issues and threats.
DORA for FinTech companies not under Supervisory Authority
If DORA doesn’t directly apply to your company but you are a FinTech provider and your customers falls under DORA and you are an important service for your customers, they will be responsible for managing potential risk to the services you provide. They need to both handle the risk proactively and be prepared to report incidents in a quick, comprehensive and correct manner in case your service has interruptions or issues that affect their operations.
High-level implementation guide
This article gives a high level overview of requirements that organizations are expected to implement in order to be DORA compliant. It provides a comprehensive starting point for organizations to understand the key areas they need to address to achieve DORA compliance.
Recitals - Commission Delegated Regulation (EU) 2024/1774
The Commission Delegated Regulation (EU) 2024/1774 is a supplementary regulatory text, developed and adopted by the European Commission to provide more detailed rules and guidelines on how to implement DORA effectively. The first part of the document are the Recitals. Recitals are not in themselves binding. They are, however, important in interpreting and understanding intentions of the act and give a good overview of what needs to be implemented.
Articles - Commission Delegated Regulation (EU) 2024/1774
The Commission Delegated Regulation (EU) 2024/1774 is a supplementary regulatory text developed and adopted by the European Commission to provide more detailed rules and guidelines on how to effectively implement DORA. The articles within the regulation are the binding components. See this article for a summary of each article, which will provide a deeper understanding of DORA.