Who does DORA apply to?
Financial entities — banks, insurers, investment firms, crypto-asset service providers and more — and their critical ICT third-party providers.
DORA RESILIENCE PLATFORM
DORA compliance software for financial entities. ICT risk management framework, third-party register, incident classification and reporting, and resilience testing — in one workspace.
Articles 5–14 covered. Critical ICT third-party register included.
WITHOUT REGTRUE
ICT risk in one tool. Third parties in another. Incident classification in spreadsheets.
WITH REGTRUE
Risk, third parties, incidents, testing and management body sign-off — one continuous workflow.
DORA PILLARS
Governance, identification, protection, detection, response, recovery and learning.
Classification, notification timers and authority-ready submission templates.
Vulnerability assessments, scenario-based testing and TLPT for critical functions.
Critical ICT register, concentration analysis and contractual safeguards.
Cyber threat intelligence sharing arrangements with peer entities.
Determine whether DORA ICT risk, incident reporting and third-party rules likely apply to your entity.
Loading assessment…
Interactive orientation — runs locally without an account.
Evidence-first
Not a questionnaire with attachments — a lineage your auditor, bank or key account can follow in one click.
Reused across regulations: the same supplier evidence can serve PPWR and EUDR — answer once, branch where regulations diverge.
Who's in scope, what's required, and how Regtrue supports it.
Financial entities — banks, insurers, investment firms, crypto-asset service providers and more — and their critical ICT third-party providers.
ICT risk management, ICT incident classification and reporting, digital operational resilience testing, and ICT third-party risk management, underpinned by the RTS/ITS technical standards.
A guided assessment plus an ICT third-party register, incident workflows and evidence linking, so your resilience posture is documented and audit-ready.
They overlap on risk management and incident handling. Regtrue reuses shared evidence so you don't duplicate work if both apply.
DORA has applied since 17 January 2025. Regtrue helps you maintain and evidence ongoing compliance.
Depends on entity type and the size of your ICT third-party estate. Regtrue scopes the DORA module during onboarding; the scope wizard first confirms which DORA pillars apply to you.
A structured register of all ICT third-party arrangements that financial entities must maintain and report to supervisors. Regtrue keeps the register linked to contracts, risk assessments and concentration analysis.
Run the free DORA scope wizard, then continue in the platform with the same data.