Does Cleo cover US state privacy laws?

Yes. Cleo monitors all enacted and proposed state privacy laws including CCPA/CPRA (California), CPA (Colorado), VCDPA (Virginia), and 15+ other state laws.

How does Cleo handle the US regulatory patchwork?

Cleo's AI maps applicable federal and state regulations based on your industry, data types, and operational footprint, giving you one unified compliance view.

🇺🇸United StatesActive

DORA compliance in the US

DORA (Digital Operational Resilience Act) applies to financial entities and their ICT third-party providers in the EU, ensuring digital operational resilience.

Start free scan

Enforcement authority

National financial supervisory authorities + ESAs (EBA, ESMA, EIOPA)

Maximum sanctions

Penalties determined by national competent authorities. Critical ICT providers face fines up to 1% of daily worldwide turnover.

Obligations

Key obligations

What DORA requires from organizations operating in the US.

Implement ICT risk management framework

Establish ICT-related incident reporting procedures

Conduct digital operational resilience testing

Manage ICT third-party risk with contractual provisions

Participate in threat-led penetration testing (TLPT)

Local context

Local context in the US

DORA applies from January 17, 2025. Financial entities must ensure full compliance with ICT risk management requirements.

Connects to

DORA by industry in the US

Retail & Consumer Goods Cosmetics & Personal Care Electronics & Connected Devices Food & Beverage Pet Care & Pet Food Sporting Goods Medical Devices Drugs & Pharmaceuticals Insurance Energy & Utilities

Frequently asked questions

How does DORA apply in the US?

DORA (Digital Operational Resilience Act) applies to financial entities and their ICT third-party providers in the EU, ensuring digital operational resilience.

Who enforces DORA in the US?

National financial supervisory authorities + ESAs (EBA, ESMA, EIOPA)

What are the penalties for DORA non-compliance?

Penalties determined by national competent authorities. Critical ICT providers face fines up to 1% of daily worldwide turnover.

Read our complete DORA compliance guide

DORA in other jurisdictions

🇪🇺European Union 🇫🇷France 🇩🇪Germany 🇬🇧United Kingdom 🇧🇷Brazil 🇦🇺Australia 🇮🇳India

Check your DORA compliance now

Start free scan to see your risk score and applicable obligations.

Start with 1 product

Start free scan