Digital Operational Resilience Act Compliance in Romania
DORA creates a comprehensive framework for ICT risk management in the financial sector. It requires resilience testing, third-party risk management, and incident reporting.
How does DORA apply in Romania?
DORA applies in Romania under EU law with the same obligations as across the bloc — maximum fine CTPPs: 1% of daily global turnover (up to 6 months); Financial entities: per national law. The national supervisory authority is the ANSPDCP (Autoritatea Națională de Supraveghere), which handles enforcement, complaints, and notifications. Deadline: January 17, 2025.
- Supervisory authority: ANSPDCP (Autoritatea Națională de Supraveghere)
- Maximum fine: CTPPs: 1% of daily global turnover (up to 6 months); Financial entities: per national law
- Key deadline: January 17, 2025
| Supervisory authority | ANSPDCP (Autoritatea Națională de Supraveghere) |
| Maximum fine | CTPPs: 1% of daily global turnover (up to 6 months); Financial entities: per national law |
| Key deadline | January 17, 2025 |
| Sectors affected | Banking, Insurance |
January 17, 2025
CTPPs: 1% of daily global turnover (up to 6 months); Financial entities: per national law
Banking, Insurance, Investment Firms
What are my DORA obligations in Romania?
- Implement ICT risk management framework
- Conduct digital operational resilience testing
- Manage third-party ICT risk
- Report major ICT-related incidents
- Share threat intelligence
Does DORA apply to your Romania business?
Find out in 2 minutes with our free regulation checker.
Check now — freeDORA compliance in other EU countries
Check Your Compliance Obligations
Find out which DORA obligations apply to your Romania organisation in under 2 minutes.
Explore DORA Compliance
For informational purposes only. This is not legal advice — consult qualified legal counsel.