Skip to content
Cybsis

Standard

Digital Operational Resilience Act (Reg. EU 2022/2554)

The EU financial-sector operational resilience regulation. ICT risk management, incident reporting, third-party oversight, threat-led penetration testing.

EU€600/year as an additional standards packAvailable now

DORA is lex specialis for EU financial entities — it supersedes most NIS2 Article 21 obligations for the sector it applies to. Cybsis 2.0 ships DORA with the ICT risk-management framework, incident classification and reporting workflow, third-party register, and the threat-led penetration testing scope.

CTPSPs (Critical Third-Party Service Providers, e.g. cloud providers) come under direct ESA oversight — a category modelled in the Service Provider Registry.