The financial sector is an area particularly vulnerable to challenges related to the dynamic development of information and communication technologies (ICT). In response to this, the European Union introduced the DORA regulation, aimed at increasing the digital resilience of financial institutions. What is DORA about and how does the growAp application support organizations in adapting to the new requirements?
What is the DORA regulation?
DORA is a legal act of the European Union that imposes obligations on financial institutions and their ICT service providers related to digital risk management. Its task is to increase the operational resilience of organizations, while ensuring business continuity in the event of digital crises. The regulation covers, among others, principles of monitoring, reporting and responding to incidents related to digital security.
What does the acronym DORA stand for?
DORA is an acronym derived from the English name Digital Operational Resilience Act and refers to European Union Regulation 2022/2554 on digital operational resilience.
What is the main objective of DORA?
The objective of DORA is to increase the digital resilience of financial institutions, which is possible through:
- standardization of requirements regarding ICT risk management;
- establishing principles for monitoring, reporting and responding to digital incidents;
- ensuring continuity of operations and effective emergency procedures;
- testing the digital resilience of financial institutions so they can meet threats in crisis situations.
Since when has the DORA regulation been in force?
The DORA regulation was published in the Official Journal of the European Union on December 27, 2022, and its provisions entered into force on January 16, 2023. According to the regulations, financial institutions had a 2-year transitional period that lasted until January 16, 2025. Thanks to this, they could adapt their systems, processes and policies to the new requirements in the field of operational resilience.
However, it is worth remembering that some obligations, such as reporting serious incidents, came into effect on the date the Regulation entered into force, i.e., from January 16, 2023.
What areas does the DORA regulation cover?
The DORA regulation focuses on several areas:
- ICT risk management – DORA contains guidelines on identifying, protecting, detecting and responding to digital incidents and ways to recover systems after failures;
- reporting and responding to digital incidents – the regulation introduces unified principles for reporting serious digital incidents to the relevant supervisory authorities;
- third-party risk management – DORA imposes, among others, the obligation to assess risk, conduct due diligence and include appropriate contractual provisions;
- digital resilience testing – the regulation requires institutions to regularly test ICT systems in order to identify weaknesses in IT infrastructure;
- supervision of ICT service providers – DORA introduces direct supervision by European Supervisory Authorities over critical ICT service providers, especially those who provide services to the financial sector.
Who does DORA cover?
The DORA regulation has a wide scope and applies not only to financial institutions, but also to companies that provide services to the financial sector. It covers, among others:
- banks;
- insurance companies;
- payment institutions;
- investment firms;
- electronic money institutions;
- crypto-asset service providers;
- rating agencies;
- investment fund management companies.
DORA compliance and ICT service providers
DORA also imposes new obligations on all entities that provide ICT services to financial institutions, including:
- IT systems;
- mobile applications;
- cloud services;
- artificial intelligence (AI) solutions;
- other digital technologies.
Every ICT service provider that cooperates with financial institutions is therefore obliged to adapt their solutions to DORA requirements. It is also worth noting that the regulation does not only apply to large, experienced market players. It also covers companies from the:
- fintech;
- insurtech;
- lendtech;
- paperless solutions.
This means that if a given company provides digital services to financial entities, there is a high chance that it must comply with regulations resulting from DORA. If, on the other hand, you manage a financial institution and are looking for an ICT service provider that meets DORA requirements, our application is the answer to your needs!
Software providers and DORA
Software houses, companies dealing with cybersecurity, IT consulting, or system integration must also adapt their services to DORA requirements. This includes, among others:
- software development;
- cloud infrastructure management;
- IT systems testing;
- AI model development;
- user interface design (UI/UX).
In each of these fields, it is required that ICT service providers ensure uninterrupted availability of systems and meet security standards, and in case of problems, have ready emergency plans in accordance with regulations.
growAp – Business Profile management application compliant with DORA regulation
growAp is a modern Business Profile management application for the financial industry. Thanks to it, financial institutions can:
- automate content publication processes on Google Business Profile;
- monitor changes on Business Profile and respond to user reviews;
- block unauthorized changes that may indicate potential threats or errors;
- maintain operational continuity in terms of digital presence through ongoing supervision and quick response to incidents.
growAp helps financial organizations maintain full compliance with DORA requirements, supports ICT risk management and secures their Internet presence.
DORA regulation – summary
The DORA regulation represents an important step towards increasing the digital resilience of the financial sector in the European Union. It requires that financial institutions and their ICT service providers comply with uniform principles of digital risk management, incident response and maintaining business continuity. The growAp application meets all these requirements, enabling effective monitoring and quick response to potential threats.
Sources:
- DORA Regulation, https://www.knf.gov.pl/dla_rynku/dora, [online access: November 5, 2025].
- DORA Regulation, https://pl.wikipedia.org/wiki/Rozporz%C4%85dzenie_DORA, [online access: November 5, 2025].
- Regulation of December 14, 2022 on the digital operational resilience of the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011, https://eur-lex.europa.eu/legal-content/PL/TXT/PDF/?uri=CELEX:32022R2554, [online access: November 5, 2025].
