Financial Services

The EU's Digital Operational Resilience Act: frequently asked questions

Published on 1st September 2025

Who and what are in scope and what are the main requirements, third-party risks and overlaps? 

The European Union's new Digital Operational Resilience Act (DORA) for financial sector entities significantly changes the IT compliance landscape, replacing many existing legal and regulatory requirements. This shift from supervisory guidelines to regulations considerably increases the risk of non-compliance.

To assist businesses across Europe with governance and compliance, Osborne Clarke has published a frequently asked questions (FAQ) document about DORA.

The FAQ document covers the scope, requirements, risks and legislative overlaps of the DORA regulation – and provides a valuable and handy reference material for businesses seeking clarity on compliance requirements, timelines or specific provisions and looking to navigate the new regulation effectively.

Read our DORA regulation FAQ document (PDF).

At Osborne Clarke, we understand that our clients need support not only in the legal-formal dimension but also in the engineering realm. In IT compliance projects, we collaborate with renowned partners, where security and IT consultants work hand in hand with our lawyers to ensure that formal regulations align appropriately with the technical and organisational capabilities of the client.

For further information, please visit Osborne Clarke's DORA webpage.

* This article is current as of the date of its publication and does not necessarily reflect the present state of the law or relevant regulation.

Interested in hearing more from Osborne Clarke?