๐ฆ๐บAustralia
DORA compliance in Australia
DORA (Digital Operational Resilience Act) applies to financial entities and their ICT third-party providers in the EU, ensuring digital operational resilience.
Enforcement authority
National financial supervisory authorities + ESAs (EBA, ESMA, EIOPA)
Maximum sanctions
Penalties determined by national competent authorities. Critical ICT providers face fines up to 1% of daily worldwide turnover.
Key obligations
What DORA requires from organizations operating in Australia.
Implement ICT risk management framework
Establish ICT-related incident reporting procedures
Conduct digital operational resilience testing
Manage ICT third-party risk with contractual provisions
Participate in threat-led penetration testing (TLPT)
Local context in Australia
DORA applies from January 17, 2025. Financial entities must ensure full compliance with ICT risk management requirements.
DORA by industry in Australia
Frequently asked questions
How does DORA apply in Australia?
DORA (Digital Operational Resilience Act) applies to financial entities and their ICT third-party providers in the EU, ensuring digital operational resilience.
Who enforces DORA in Australia?
National financial supervisory authorities + ESAs (EBA, ESMA, EIOPA)
What are the penalties for DORA non-compliance?
Penalties determined by national competent authorities. Critical ICT providers face fines up to 1% of daily worldwide turnover.
Check your DORA compliance now
Run a free scan to see your risk score and applicable obligations.