To whom does DORA apply?
DORA applies to financial entities and ICT third-party service providers who engage services from, or provide services to the EU, including:
Financial entities such as banks, payment platforms and e-money institutions, investment firms, crypto asset service providers, fund managers, insurance companies, and finance infrastructure will be directly regulated under DORA
Providers of major and critical IT services to financial entities will be directly regulated under DORA. The EU will designate which firms are critical ICT providers in 2024
ICT service providers to financial entities will be indirectly regulated under DORA