{"id":9505,"date":"2025-11-27T17:17:30","date_gmt":"2025-11-27T16:17:30","guid":{"rendered":"https:\/\/evidency.io\/?p=9505"},"modified":"2026-02-05T13:56:55","modified_gmt":"2026-02-05T12:56:55","slug":"understanding-dora-regulation-requirements","status":"publish","type":"post","link":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/","title":{"rendered":"DORA Regulation: key considerations, obligations and compliance strategies"},"content":{"rendered":"<p><strong>Key takeaways<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DORA regulation establishes a unified EU framework for managing digital risks<\/strong>, ensuring that all financial institutions and their technology providers can maintain operations even during severe IT disruptions.<\/li>\n\n\n\n<li><strong>The regulation introduces harmonised obligations across all Member States<\/strong>, covering governance, ICT risk management, incident reporting, resilience testing and third-party oversight.<\/li>\n\n\n\n<li><strong>Its scope extends beyond financial entities to include critical technology providers<\/strong>, reflecting the essential role of digital services in safeguarding operational continuity.<\/li>\n\n\n\n<li><strong>Compliance requires robust capabilities in detecting, classifying and reporting ICT incidents<\/strong>, supported by continuous monitoring, structured documentation and proactive resilience measures.<\/li>\n\n\n\n<li><strong>Qualified timestamping emerges as a key enabler of DORA compliance<\/strong>, providing legally reliable proof of actions, enhancing traceability and strengthening the integrity of operational records.<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"titre1\">What is DORA regulation?<\/h2>\n\n\n\n<p>DORA regulation (Digital Operational Resilience Act), adopted at the end of 2022 and published shortly afterwards in the Official Journal of the European Union, is a cornerstone of the EU\u2019s strategy <strong>to strengthen the management of digital risks across the financial sector.<\/strong><\/p>\n\n\n\n<p>Its purpose is to establish a consistent framework ensuring that all financial entities operating within the EU can <strong>maintain business continuity, even when faced with significant IT disruptions.<\/strong><\/p>\n\n\n\n<p>DORA regulation sets out common rules for responding to incidents such <strong>as cyberattacks, system outages, software failures or the unavailability of a critical technology provider.<\/strong> Financial institutions are expected to ensure <strong>an adequate level of continuity<\/strong> while safeguarding the integrity of their operations and protecting their clients.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"titre2\">The objectives of DORA regulation<\/h2>\n\n\n\n<p>To strengthen operational resilience across Europe, the regulation sets out<strong> four key ambitions.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Ensuring business continuity<\/h3>\n\n\n\n<p>Financial institutions must be structured in a way that allows them to absorb a broad spectrum of disruptions, <strong>whether caused by a system failure, a cyberattack or the unavailability of a cloud provider.<\/strong><\/p>\n\n\n\n<p><strong>DORA regulation shifts the focus towards a truly proactive approach<\/strong>: business continuity is no longer treated as an emergency measure but as a fully integrated way of operating, embedded in the organisation\u2019s daily routines.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Harmonising risk-management rules across member states<\/h3>\n\n\n\n<p><strong>Before DORA regulation, requirements relating to digital risk varied considerably from one jurisdiction to another.<\/strong><\/p>\n\n\n\n<p>The regulation now introduces a common foundation for all EU countries, setting shared expectations for governance, ICT service management and the oversight of third-party technology providers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Strengthening oversight of technology providers<\/h3>\n\n\n\n<p>DORA regulation introduces a more stringent supervisory framework <strong>for providers deemed critical,<\/strong> including the possibility of audits, clearly defined contractual obligations and direct oversight by European authorities.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Enhancing the detection, documentation and reporting of incidents<\/h3>\n\n\n\n<p><strong>Organisations must be able to identify ICT-related incidents swiftly<\/strong>, assess their impact, classify them according to defined criteria and report them to the authorities within the required timeframe.<\/p>\n\n\n\n<p>This structured approach is designed <strong>to strengthen the collective ability of European institutions to understand emerging threats, coordinate responses and monitor systemic risks more effectively.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"titre3\">The scope of organisations covered by DORA regulation<\/h2>\n\n\n\n<p>The regulation applies not only to financial institutions but also to the technology providers that support their operations. <strong>This broader approach reflects the central role that digital services now play in ensuring the continuity and reliability of financial activities.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Financial organisations covered<\/h3>\n\n\n\n<p>The regulation applies to a wide range of entities operating within the European Union, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Credit institutions<\/li>\n\n\n\n<li>Payment institutions<\/li>\n\n\n\n<li>Electronic money institutions<\/li>\n\n\n\n<li>Account information service providers (AISPs)<\/li>\n\n\n\n<li>Investment firms<\/li>\n\n\n\n<li>UCITS management companies<\/li>\n\n\n\n<li>Alternative investment fund managers (AIFMs)<\/li>\n\n\n\n<li>Central securities depositories (CSDs)<\/li>\n\n\n\n<li>Central counterparties (CCPs)<\/li>\n\n\n\n<li>Trading venues (regulated markets, MTFs, OTFs)<\/li>\n\n\n\n<li>Administrators of critical benchmarks<\/li>\n\n\n\n<li>Securitisation repositories<\/li>\n\n\n\n<li>Data reporting service providers (DRSPs)<\/li>\n\n\n\n<li>Credit rating agencies<\/li>\n\n\n\n<li>Insurance and reinsurance undertakings<\/li>\n\n\n\n<li>Insurance and reinsurance intermediaries<\/li>\n\n\n\n<li>Occupational pension institutions<\/li>\n\n\n\n<li>Crypto-asset service providers and asset-referenced token issuers (MiCA)<\/li>\n\n\n\n<li>Licensed crowdfunding service providersy.<\/li>\n<\/ul>\n\n\n\n<p>All these organisations <strong>must embed DORA\u2019s requirements within their governance<\/strong> practices and strengthen their ability <strong>to ensure the continuity of their services, whatever the operational circumstances.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The inclusion of technology providers<\/h3>\n\n\n\n<p>DORA regulation does not limit its scope to financial institutions. <strong>Any technology service that supports a regulated activity automatically falls within the perimeter of the regulation.<\/strong><\/p>\n\n\n\n<p>In particular, it applies to:.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Providers of digital identity or electronic signature services<\/li>\n\n\n\n<li>Hosts of sensitive data<\/li>\n\n\n\n<li>Software vendors whose solutions support transactions, cybersecurity or risk management<\/li>\n\n\n\n<li>Cloud service providers, whether offering infrastructure, platform or software services<\/li>\n\n\n\n<li>Providers responsible for processing, backing up or storing data<\/li>\n<\/ul>\n\n\n\n<p>This broadened scope reflects a clear principle: the operational resilience of a financial institution is inseparable from the reliability of its technological ecosystem. <strong>DORA therefore imposes enhanced obligations on all providers whose failure could jeopardise the continuity or security of a financial service.<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"titre4\">Key requirements of DORA regulation<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Managing ICT risk<\/h3>\n\n\n\n<p><a href=\"https:\/\/evidency.io\/en\/reliable-audit-trail\/\">Compliance with DORA regulation <\/a><strong>requires organisations to establish a clear and comprehensive strategy for managing digital risks.<\/strong> This involves:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Identifying vulnerabilities within their technological environment,<\/li>\n\n\n\n<li>Protecting data through robust and reliable backup solutions,<\/li>\n\n\n\n<li>Implementing effective business continuity mechanisms,<\/li>\n\n\n\n<li>Raising staff awareness of security best practices.<\/li>\n<\/ul>\n\n\n\n<p>The aim is to strengthen the organisation\u2019s ability to respond to disruptions arising from incidents involving information and communication technologies.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Managing, classifying and reporting ICT-related incidents<\/h3>\n\n\n\n<p>DORA regulation requires financial organisations <strong>to establish a clear and responsive framework for handling ICT-related incidents.<\/strong> Entities must be able to detect anomalies quickly, assess their operational impact and maintain detailed records of every event. This approach relies on continuous system monitoring, precise logging of disruptions and systematic post-incident reviews to identify areas for improvement and strengthen internal procedures.<\/p>\n\n\n\n<p>Classification plays a central role, as it determines the severity of each incident based on several criteria, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The number of clients affected<\/li>\n\n\n\n<li>The duration of the disruption<\/li>\n\n\n\n<li>Associated financial losses<\/li>\n\n\n\n<li>Any potential exposure of sensitive data<\/li>\n\n\n\n<li>The involvement of a third-party provider<\/li>\n<\/ul>\n\n\n\n<p><strong>For major incidents,<\/strong> DORA sets out a structured reporting process to the relevant authorities. Organisations must submit an initial notification within twenty-four hours, provide an intermediate report once key information has been consolidated and, finally, deliver a comprehensive report detailing the full analysis and the corrective measures implemented.<\/p>\n\n\n\n<p><strong>This reporting framework is designed to enhance transparency and improve Europe-wide coordination in the face of digital risks.\u00a0<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Resilience testing<\/h3>\n\n\n\n<p><strong>DORA regulation requires institutions to assess, on a regular basis, their ability to withstand digital disruption.<\/strong> These tests must be planned, documented and tailored to the specific risk profile of each organisation. They include routine technical exercises such as vulnerability assessments and incident simulations, as well as more advanced scenarios designed to evaluate how the organisation would respond in truly critical situations.<\/p>\n\n\n\n<p>Entities deemed significant <strong>must carry out these advanced tests every three years,<\/strong> under the supervision of independent specialists who meet the technical standards set by the European authorities.<\/p>\n\n\n\n<p>Each exercise must then be followed by<strong> a thorough review to identify areas for improvement and progressively strengthen the organisation\u2019s operational resilience.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Managing third-party risk<\/h3>\n\n\n\n<p>DORA <a href=\"https:\/\/evidency.io\/en\/european-cybersecurity-regulations-mica-dga-cra-data-act-ai-act\/\">regulation <\/a>places strong emphasis on outsourced services. <strong>Organisations must have a clear understanding of their technological dependencies<\/strong> and assess the potential impact of a provider\u2019s failure. This involves identifying all services entrusted to third parties, evaluating their criticality and ranking providers according to their operational importance.<\/p>\n\n\n\n<p>Contracts must include provisions covering service levels, data security, termination rights, audit rights and mandatory incident-reporting obligations. Certain highly sensitive providers may also be subject to enhanced supervision by European authorities.<\/p>\n\n\n\n<p><strong>Finally, DORA requires ongoing monitoring of third-party providers to ensure that commitments are met and that the associated risks remain under control.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Information sharing<\/h3>\n\n\n\n<p>DORA regulation encourages financial organisations <strong>to exchange relevant information on digital threats.<\/strong> The aim is to deepen the sector\u2019s collective understanding of emerging risks and strengthen its ability to respond effectively to attacks.<\/p>\n\n\n\n<p>Entities may share insights on observed fraud techniques, recent cyberattacks, newly identified vulnerabilities or proven technical mitigation measures.<\/p>\n\n\n\n<p>Such exchanges must be structured, secure and fully compliant with European rules, particularly those relating to competition and data protection.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"titre5\">Qualified Timestamping with Evidency: a solution for meeting DORA requirements<\/h2>\n\n\n\n<p>DORA regulation requires financial organisations <strong>to demonstrate, in a fully reliable and indisputable manner, the timeline of their actions and the integrity of their operational records. <\/strong>The ability to prove when an incident was detected, how it was handled and when the authorities were notified is central to the framework.<\/p>\n\n\n\n<p>Evidency, as a <strong>Qualified Trust Service Provider (QTSP) <\/strong>compliant with the <a href=\"https:\/\/evidency.io\/en\/eidas-2-0-and-european-digital-identity\/\">eIDAS Regulation<\/a>, offers a qualified timestamping service that directly addresses these needs. By applying qualified timestamps to documents and digital events, organisations can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Pinpoint precisely when an incident was detected,<\/li>\n\n\n\n<li>Track the creation or modification of operational documents,<\/li>\n\n\n\n<li>Maintain accurate records linked to risk-management processes,<\/li>\n\n\n\n<li>Demonstrate adherence to regulatory deadlines,<\/li>\n\n\n\n<li>Provide verifiable evidence during audits.<\/li>\n<\/ul>\n\n\n\n<p><a href=\"https:\/\/evidency.io\/en\/qualified-timestamping\/\">Qualified Timestamping<\/a> guarantees the integrity of information and provides legally binding proof throughout the European Union. It therefore becomes a decisive tool for strengthening documentation transparency and meeting the traceability requirements imposed by DORA regulation.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"titre6\">Building lasting digital resilience under DORA requirements<\/h2>\n\n\n\n<p>DORA Requirements introduces a structured approach to digital resilience and brings lasting changes to the expectations placed on both financial institutions and their technology providers. <strong>Compliance relies on clear governance, a well-defined understanding of risks and the proven ability to document every stage of incident handling and other sensitive operations.<\/strong><\/p>\n\n\n\n<p>In this context, <a href=\"https:\/\/evidency.io\/en\/what-is-eidas-certified-timestamping\/\">Qualified Timestamping<\/a> plays a pivotal role. It provides reliable evidence of the sequence of actions taken and ensures the quality of the documentation required by supervisory authorities. <strong>By reinforcing traceability and information integrity, it offers tangible support to organisations seeking to demonstrate their alignment with the obligations introduced by DORA Regulation.<\/strong><\/p>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button\"><a class=\"wp-block-button__link has-background wp-element-button\" href=\"https:\/\/evidency.io\/en\/contact-evidency\/\" style=\"background-color:#0c0171\">Contact our experts to talk about compliance<\/a><\/div>\n<\/div>\n\n\n\n<p><\/p>\n\n\n\n<p><em><strong>Disclaimer<\/strong><\/em><br><em>The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.<\/em><\/p>\n\n\n\n<p><em>The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Evidency. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.<\/em><\/p>\n\n\n","protected":false},"excerpt":{"rendered":"<p>The European Union has introduced DORA Regulation to establish a consistent framework for managing technology-related risks and to bolster the capacity of financial institutions to sustain their operations, even in the event of major disruption.<br \/>\nThis regulation sets out a structured approach to operational resilience, grounded in preparedness, transparency and enhanced control over critical technology dependencies.<br \/>\nIn this article, we examine the core principles of DORA Regulation, the obligations it places on financial institutions and technology providers, and the key levers organisations can activate to ensure effective and durable compliance.<\/p>\n","protected":false},"author":246879328,"featured_media":10435,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[6495,6410],"tags":[],"ppma_author":[6458],"class_list":["post-9505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-regulations","category-timestamping","author-marine-yborra"],"acf":{"profil":"","bio":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Understanding the DORA regulation and its requirements<\/title>\n<meta name=\"description\" content=\"Discover the obligations, scope and requirements of DORA regulation, the new European framework for digital operational resilience.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Understanding the DORA regulation and its requirements\" \/>\n<meta property=\"og:description\" content=\"Discover the obligations, scope and requirements of DORA regulation, the new European framework for digital operational resilience.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/\" \/>\n<meta property=\"og:site_name\" content=\"Evidency\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-27T16:17:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-05T12:56:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/reglementation-dora.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"950\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Marine Yborra\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nicolas Peigner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/\"},\"author\":{\"name\":\"Nicolas Peigner\",\"@id\":\"https:\/\/evidency.io\/en\/#\/schema\/person\/c4fba2cace4e9303d552b60ebdc0618d\"},\"headline\":\"DORA Regulation: key considerations, obligations and compliance strategies\",\"datePublished\":\"2025-11-27T16:17:30+00:00\",\"dateModified\":\"2026-02-05T12:56:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/\"},\"wordCount\":1688,\"publisher\":{\"@id\":\"https:\/\/evidency.io\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/reglementation-dora.webp\",\"articleSection\":[\"Regulations\",\"Timestamping\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/\",\"url\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/\",\"name\":\"Understanding the DORA regulation and its requirements\",\"isPartOf\":{\"@id\":\"https:\/\/evidency.io\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/reglementation-dora.webp\",\"datePublished\":\"2025-11-27T16:17:30+00:00\",\"dateModified\":\"2026-02-05T12:56:55+00:00\",\"description\":\"Discover the obligations, scope and requirements of DORA regulation, the new European framework for digital operational resilience.\",\"breadcrumb\":{\"@id\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#primaryimage\",\"url\":\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/reglementation-dora.webp\",\"contentUrl\":\"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/reglementation-dora.webp\",\"width\":950,\"height\":500,\"caption\":\"reglementation dora\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Evidency\",\"item\":\"https:\/\/evidency.io\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DORA Regulation: key considerations, obligations and compliance strategies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/evidency.io\/en\/#website\",\"url\":\"https:\/\/evidency.io\/en\/\",\"name\":\"Evidency\",\"description\":\"Sp\u00e9cialiste de la preuve num\u00e9rique\",\"publisher\":{\"@id\":\"https:\/\/evidency.io\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/evidency.io\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/evidency.io\/en\/#organization\",\"name\":\"Evidency\",\"url\":\"https:\/\/evidency.io\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/evidency.io\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/evidency.io\/wp-content\/uploads\/2024\/09\/header-logo.svg\",\"contentUrl\":\"https:\/\/evidency.io\/wp-content\/uploads\/2024\/09\/header-logo.svg\",\"width\":275,\"height\":58,\"caption\":\"Evidency\"},\"image\":{\"@id\":\"https:\/\/evidency.io\/en\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/evidency-io\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/evidency.io\/en\/#\/schema\/person\/c4fba2cace4e9303d552b60ebdc0618d\",\"name\":\"Nicolas Peigner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/evidency.io\/en\/#\/schema\/person\/image\/a071e9b393d0615a4fc88b28477f483e\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e715d858349a05f43035c04618d0dd510a10a05de09616ec2dac22d1fc3f8c1b?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e715d858349a05f43035c04618d0dd510a10a05de09616ec2dac22d1fc3f8c1b?s=96&d=identicon&r=g\",\"caption\":\"Nicolas Peigner\"},\"description\":\"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus aliquet dolor vel molestie pellentesque. Curabitur vitae condimentum lectus, ac laoreet magna. Nullam eu tortor odio.\",\"url\":\"https:\/\/evidency.io\/author\/nicolas2805\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Understanding the DORA regulation and its requirements","description":"Discover the obligations, scope and requirements of DORA regulation, the new European framework for digital operational resilience.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/","og_locale":"en_US","og_type":"article","og_title":"Understanding the DORA regulation and its requirements","og_description":"Discover the obligations, scope and requirements of DORA regulation, the new European framework for digital operational resilience.","og_url":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/","og_site_name":"Evidency","article_published_time":"2025-11-27T16:17:30+00:00","article_modified_time":"2026-02-05T12:56:55+00:00","og_image":[{"width":950,"height":500,"url":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/reglementation-dora.webp","type":"image\/webp"}],"author":"Marine Yborra","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Nicolas Peigner","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#article","isPartOf":{"@id":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/"},"author":{"name":"Nicolas Peigner","@id":"https:\/\/evidency.io\/en\/#\/schema\/person\/c4fba2cace4e9303d552b60ebdc0618d"},"headline":"DORA Regulation: key considerations, obligations and compliance strategies","datePublished":"2025-11-27T16:17:30+00:00","dateModified":"2026-02-05T12:56:55+00:00","mainEntityOfPage":{"@id":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/"},"wordCount":1688,"publisher":{"@id":"https:\/\/evidency.io\/en\/#organization"},"image":{"@id":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#primaryimage"},"thumbnailUrl":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/reglementation-dora.webp","articleSection":["Regulations","Timestamping"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/","url":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/","name":"Understanding the DORA regulation and its requirements","isPartOf":{"@id":"https:\/\/evidency.io\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#primaryimage"},"image":{"@id":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#primaryimage"},"thumbnailUrl":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/reglementation-dora.webp","datePublished":"2025-11-27T16:17:30+00:00","dateModified":"2026-02-05T12:56:55+00:00","description":"Discover the obligations, scope and requirements of DORA regulation, the new European framework for digital operational resilience.","breadcrumb":{"@id":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#primaryimage","url":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/reglementation-dora.webp","contentUrl":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/reglementation-dora.webp","width":950,"height":500,"caption":"reglementation dora"},{"@type":"BreadcrumbList","@id":"https:\/\/evidency.io\/en\/understanding-dora-regulation-requirements\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Evidency","item":"https:\/\/evidency.io\/en\/"},{"@type":"ListItem","position":2,"name":"DORA Regulation: key considerations, obligations and compliance strategies"}]},{"@type":"WebSite","@id":"https:\/\/evidency.io\/en\/#website","url":"https:\/\/evidency.io\/en\/","name":"Evidency","description":"Sp\u00e9cialiste de la preuve num\u00e9rique","publisher":{"@id":"https:\/\/evidency.io\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/evidency.io\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/evidency.io\/en\/#organization","name":"Evidency","url":"https:\/\/evidency.io\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/evidency.io\/en\/#\/schema\/logo\/image\/","url":"https:\/\/evidency.io\/wp-content\/uploads\/2024\/09\/header-logo.svg","contentUrl":"https:\/\/evidency.io\/wp-content\/uploads\/2024\/09\/header-logo.svg","width":275,"height":58,"caption":"Evidency"},"image":{"@id":"https:\/\/evidency.io\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/evidency-io\/"]},{"@type":"Person","@id":"https:\/\/evidency.io\/en\/#\/schema\/person\/c4fba2cace4e9303d552b60ebdc0618d","name":"Nicolas Peigner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/evidency.io\/en\/#\/schema\/person\/image\/a071e9b393d0615a4fc88b28477f483e","url":"https:\/\/secure.gravatar.com\/avatar\/e715d858349a05f43035c04618d0dd510a10a05de09616ec2dac22d1fc3f8c1b?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e715d858349a05f43035c04618d0dd510a10a05de09616ec2dac22d1fc3f8c1b?s=96&d=identicon&r=g","caption":"Nicolas Peigner"},"description":"Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus aliquet dolor vel molestie pellentesque. Curabitur vitae condimentum lectus, ac laoreet magna. Nullam eu tortor odio.","url":"https:\/\/evidency.io\/author\/nicolas2805\/"}]}},"modified_by":"Nicolas Peigner","authors":[{"term_id":6458,"user_id":0,"is_guest":1,"slug":"marine-yborra","display_name":"Marine Yborra","avatar_url":{"url":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/Marine-1.webp","url2x":"https:\/\/evidency.io\/wp-content\/uploads\/2026\/01\/Marine-1.webp"},"author_category":"1","first_name":"Marine","description_complete":"<p>Marine Yborra is the Chief Marketing Officer at Evidency, where she leads the company\u2019s marketing strategy. With over twenty years of international experience in both B2B and B2C environments, she has developed strong expertise in brand strategy, positioning, and activation. Her career, spanning diverse sectors and business models, gives her a unique ability to make complex, high-value solutions accessible and relevant to demanding markets.<\/p>\r\n\r\n<p>At Evidency, Marine is responsible for defining and communicating the company\u2019s value proposition to legal professionals, businesses, and organisations operating in regulated industries. She drives initiatives to raise awareness of Evidency\u2019s role as a Qualified Trust Service Provider (QTSP), ensuring that its solutions, ranging from qualified timestamping and electronic seals to long-term compliant archiving, are clearly understood and widely adopted. She translates regulatory and technical topics into actionable insights, helping professionals ensure the authenticity, integrity, and legal validity of their digital evidence.<\/p>","domaine_dexpertise":"<ul>\r\n \t<li>Communication and digital strategy<\/li>\r\n \t<li>Digital transformation<\/li>\r\n \t<li>B2B and B2C<\/li>\r\n<\/ul>","last_name":"Yborra","user_url":"","job_title":"CMO","linkedin":"https:\/\/www.linkedin.com\/in\/marine-yborra-marketing\/","description":"Marine is the Chief Marketing Officer at Evidency. A specialist in branding and brand activation, she has international experience in both B2B and B2C."}],"_links":{"self":[{"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/posts\/9505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/users\/246879328"}],"replies":[{"embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/comments?post=9505"}],"version-history":[{"count":5,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/posts\/9505\/revisions"}],"predecessor-version":[{"id":11304,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/posts\/9505\/revisions\/11304"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/media\/10435"}],"wp:attachment":[{"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/media?parent=9505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/categories?post=9505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/tags?post=9505"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/evidency.io\/en\/wp-json\/wp\/v2\/ppma_author?post=9505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}