DORA
· 12 min readDORA — ICT Risk Obligations for EU Financial Entities
The five pillars, third-party register requirements, and threat-led penetration testing under Article 26.
Published 8 January 2026 · Updated 19 May 2026
The five pillars
ICT risk management, incident reporting, digital operational resilience testing, third-party risk, and information sharing — each with its own regulatory technical standards.
Engage CHNYD Trace
Talk to a partner about DORA — scoping calls are complimentary.
Request consultation →