All insights
DORA
· 12 min read

DORA — ICT Risk Obligations for EU Financial Entities

The five pillars, third-party register requirements, and threat-led penetration testing under Article 26.

Published 8 January 2026 · Updated 19 May 2026

The five pillars

ICT risk management, incident reporting, digital operational resilience testing, third-party risk, and information sharing — each with its own regulatory technical standards.

Engage CHNYD Trace

Talk to a partner about DORA — scoping calls are complimentary.

Request consultation →