
DORA enforcement timeline

Every key DORA date — entry into force, transposition deadlines, phased provisions, and compliance milestones. 3 milestones tracked, sourced directly from EUR-Lex.

When does DORA take effect?

DORA (Regulation (EU) 2022/2554) has 3 key enforcement milestones. 3 milestones have already passed; 0 milestones are upcoming.

Source: Regulation (EU) 2022/2554 via EuroComply EU Regulation Deadlines dataset

Total milestones: 3 · In force: 3 · Upcoming: 0

DORA — complete milestone timeline

Regulation (EU) 2022/2554 · Official text

Obligation · In force

DORA enters into application

Digital Operational Resilience Act becomes fully applicable. Financial entities must have ICT risk management frameworks, incident classification and reporting procedures, digital resilience testing programmes, and third-party ICT provider oversight in place.

Applies to: financial entities as defined in Art. 2: credit institutions, payment institutions, e-money institutions, investment firms, crypto-asset service providers, insurance undertakings, CCPs, trading venues, and ICT third-party service providers designated as critical

Penalty: periodic penalty payments up to 1% of average daily worldwide turnover for up to 6 months; supervisory measures including activity suspension

Reporting · In force

Financial entities submit register of ICT third-party providers to supervisors

Financial entities must submit their first register of information on all contractual arrangements with ICT third-party service providers to their national competent authority (Article 28(3)).

Applies to: financial entities within DORA scope

Penalty: supervisory measures; up to 1% of average daily worldwide turnover per day for up to 6 months

Obligation · In force

ESAs designate first critical ICT third-party service providers (CTPPs)

The Joint Committee of the ESAs (EBA, EIOPA, ESMA) will designate critical ICT third-party service providers following assessment. Designated CTPPs become subject to the oversight framework and must appoint a legal representative in the EU.

Applies to: ICT third-party service providers serving financial entities in the EU (cloud providers, data analytics, etc.)

Penalty: up to €5M or up to 1% of average daily worldwide turnover per day for up to 6 months


For informational purposes only. This is not legal advice — consult qualified legal counsel for advice specific to your situation. Dates reflect official EUR-Lex sources; verify with your national competent authority for jurisdiction-specific transposition dates.
