🇺🇸United States
DORA compliance in the US
DORA (Digital Operational Resilience Act) applies to financial entities and their ICT third-party providers in the EU, ensuring digital operational resilience.
Enforcement authority
National financial supervisory authorities + ESAs (EBA, ESMA, EIOPA)
Maximum sanctions
Penalties determined by national competent authorities. Critical ICT providers face fines up to 1% of daily worldwide turnover.
Key obligations
What DORA requires from organizations operating in the US.
Implement ICT risk management framework
Establish ICT-related incident reporting procedures
Conduct digital operational resilience testing
Manage ICT third-party risk with contractual provisions
Participate in threat-led penetration testing (TLPT)
Local context in the US
DORA applies from January 17, 2025. Financial entities must ensure full compliance with ICT risk management requirements.
Frequently asked questions
How does DORA apply in the US?
DORA (Digital Operational Resilience Act) applies to financial entities and their ICT third-party providers in the EU, ensuring digital operational resilience.
Who enforces DORA in the US?
National financial supervisory authorities + ESAs (EBA, ESMA, EIOPA)
What are the penalties for DORA non-compliance?
Penalties determined by national competent authorities. Critical ICT providers face fines up to 1% of daily worldwide turnover.
DORA in other jurisdictions
Check your DORA compliance now
Start free scan to see your risk score and applicable obligations.