'/%3e%3cuse xlink:href='%23a' transform='scale(-1 1)'/%3e%3c/g%3e%3cg id='c'%3e%3cuse xlink:href='%23b' transform='rotate(72)'/%3e%3cuse xlink:href='%23b' transform='rotate(144)'/%3e%3c/g%3e%3cuse xlink:href='%23c' transform='scale(-1 1)'/%3e%3c/g%3e%3c/defs%3e%3cpath fill='%23039' d='M0 0h810v540H0z'/%3e%3cg fill='%23fc0' transform='matrix(30 0 0 30 405 270)'%3e%3cuse xlink:href='%23d' y='-6'/%3e%3cuse xlink:href='%23d' y='6'/%3e%3cg id='e'%3e%3cuse xlink:href='%23d' x='-6'/%3e%3cuse xlink:href='%23d' transform='rotate(-144 -2.344 -2.11)'/%3e%3cuse xlink:href='%23d' transform='rotate(144 -2.11 -2.344)'/%3e%3cuse xlink:href='%23d' transform='rotate(72 -4.663 -2.076)'/%3e%3cuse xlink:href='%23d' transform='rotate(72 -5.076 .534)'/%3e%3c/g%3e%3cuse xlink:href='%23e' transform='scale(-1 1)'/%3e%3c/g%3e%3c/svg%3e){kind=small}
🌍
Jurisdiction
European Union
📅
Effective Date
2023
Jan 16, 2023
✅
Full Compliance
2025
Jan 17, 2025
🏛️
Regulator
EBA
Overview
DORA establishes uniform requirements for ICT security in the EU financial sector. It impacts Open Banking by setting standards for API security, incident reporting, and third-party risk management.
Scope & Coverage
ICT Risk ManagementIncident ReportingThird-Party Risk
Key Requirements
1
ICT risk management framework2
Incident reporting3
Digital resilience testing4
Third-party risk oversightKey Notes
Full compliance required by January 2025. Impacts all TPPs and banks.
Official Resources
Related Regulations
Other open banking frameworks in Europe:
'%3e%3cpath fill='%23012169' d='M0 0v30h60V0z'/%3e%3cpath stroke='%23fff' stroke-width='6' d='m0 0 60 30m0-30L0 30'/%3e%3cpath stroke='%23C8102E' stroke-width='4' d='m0 0 60 30m0-30L0 30' clip-path='url(%23b)'/%3e%3cpath stroke='%23fff' stroke-width='10' d='M30 0v30M0 15h60'/%3e%3cpath stroke='%23C8102E' stroke-width='6' d='M30 0v30M0 15h60'/%3e%3c/g%3e%3c/svg%3e){kind=small}
Need to comply with DORA?
Explore API aggregators that support European Union compliance.