In force · 17 January 2025 · EU financial sector
DORA — in force since 17 January 2025.
The Digital Operational Resilience Act (Regulation (EU) 2022/2554) applies to banks, insurers, payment institutions, crypto-asset service providers, and their critical ICT third-party providers — including voice AI platforms used in regulated communications.
Deadline
In force since 17 January 2025.
Scope
EU financial entities + critical ICT third-party providers (CTPPs).
Penalties
Up to 1% of average daily worldwide turnover for CTPPs; direct supervisory powers by ESAs.
Audact coverage
ICT incident reporting feeds, evidence-chain integrity, exit-plan documentation.
How Audact covers DORA
- Major ICT-related incident classification and reporting feeds aligned with the EBA/ESMA/EIOPA joint RTS
- Exit-plan + portability documentation (functional equivalence, two-month switching window, no exit fees from 12 Jan 2027)
- Tamper-evident evidence chain for ICT change records, suitable for ESA inspection
- Standardised sub-contractor register feeding the financial entity's register of information
If Audact is your voice AI provider in a regulated finance deployment, DORA artefacts come built-in rather than as a separate compliance project.