DORA

DORA establishes uniform requirements for the digital operational resilience of EU financial entities, covering ICT risk management, incident reporting, resilience testing, and third-party provider oversight. It applies to banks, insurers, investment firms, and their critical ICT service providers.

  • Rules extracted: 170
  • Obligations decomposed: 781
  • Avg obligations per rule: 4.6x
  • Jurisdiction: 🇪🇺 European Union

What AuditDSS covers

  • Source: 1 Regulation
  • Extracted: 170 Rules
  • Decomposed: 781 Obligations
  • Decomposition ratio: 4.6x

Each rule is decomposed into an average of 4.6 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 781 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in DORA is scored across independent risk dimensions:

  • W (Obligation Weight): How critical within the regulatory framework
  • L (Violation Likelihood): How often breached in practice
  • E (Enforcement Evidence): Regulator enforcement history and penalties
  • C (Cascade Dependency): How many obligations depend on this one

Regulatory details

  • Full title: DORA
  • Regulatory body: Joint Committee of European Supervisory Authorities (EBA/ESMA/EIOPA)
  • Jurisdiction: 🇪🇺 European Union
  • Document type: regulation
  • Effective date: January 16, 2023
  • Issuing authority: European Parliament and Council

Who this applies to

  • banks
  • insurers
  • investment firms
  • payment institutions
  • crypto-asset service providers
  • ICT third-party providers

Key requirements

  • ICT risk management framework
  • ICT incident reporting
  • digital operational resilience testing
  • third-party ICT risk management
  • information sharing
  • oversight of critical ICT providers

Frequently asked questions about DORA

What is DORA?

DORA establishes uniform requirements for the digital operational resilience of EU financial entities, covering ICT risk management, incident reporting, resilience testing, and third-party provider oversight. It applies to banks, insurers, investment firms, and their critical ICT service providers.

Who does DORA apply to?

DORA applies to banks, insurers, investment firms, payment institutions, crypto-asset service providers, and ICT third-party providers.

How many obligations does DORA contain?

AuditDSS has decomposed DORA into 781 atomic obligations from 170 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of DORA?

The key requirements include an ICT risk management framework, ICT incident reporting, digital operational resilience testing, third-party ICT risk management, information sharing, and oversight of critical ICT providers.

How can I assess my DORA compliance?

Upload your compliance policy to AuditDSS. The platform maps your document against all 781 DORA obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces DORA?

DORA is enforced in the European Union by the Joint Committee of European Supervisory Authorities (EBA/ESMA/EIOPA).

When did DORA come into effect?

DORA became effective on January 16, 2023.

What industry does DORA apply to?

DORA is primarily relevant to the Medical Devices & Diagnostics industry. AuditDSS covers 64 regulations in this industry sector.

Build a DORA compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for DORA — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering DORA requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine DORA with other regulations into a single unified compliance pack for your business.

Already have a policy? Assess it against DORA

1. Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2. AI maps against 781 obligations

Your document is scored against every obligation in DORA. Each claim is mapped to the obligation tree and evaluated for coverage.

3. Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Assess your DORA compliance

Upload your document and get a risk-scored gap analysis against 781 DORA obligations in under 5 minutes.