Skip to main content

In force · 17 January 2025 · EU financial sector

DORA — in force since 17 January 2025.

The Digital Operational Resilience Act (Regulation (EU) 2022/2554) applies to banks, insurers, payment institutions, crypto-asset service providers, and their critical ICT third-party providers — including voice AI platforms used in regulated communications.

Deadline

In force since 17 January 2025.

Scope

EU financial entities + critical ICT third-party providers (CTPPs).

Penalties

Up to 1% of average daily worldwide turnover for CTPPs; direct supervisory powers by ESAs.

Audact coverage

ICT incident reporting feeds, evidence-chain integrity, exit-plan documentation.

How Audact covers DORA

  • Major ICT-related incident classification and reporting feeds aligned with the EBA/ESMA/EIOPA joint RTS
  • Exit-plan + portability documentation (functional equivalence, two-month switching window, no exit fees from 12 Jan 2027)
  • Tamper-evident evidence chain for ICT change records, suitable for ESA inspection
  • Standardised sub-contractor register feeding the financial entity's register of information

If Audact is your voice AI provider in a regulated finance deployment, DORA artefacts come built-in rather than as a separate compliance project.