Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (DORA) is a European Union regulation that came into force on January 16, 2023 and applies as of January 17, 2025. It aims to strengthen the IT security of the financial sector. DORA establishes a comprehensive framework to ensure financial entities, such as banks, insurance companies, investment firms, and other financial institutions, can withstand, respond to, and recover from disruptions and threats, such as cyberattacks and system failures.

Key regulations include:

  • Risk management: Companies must develop and implement effective policies, processes, and governance structures to identify, manage, and mitigate ICT-related risks. They must regularly assess, document, and monitor internal and external ICT risks that could affect the integrity, security, and availability of information systems.
  • Incident response and recovery: Companies must implement appropriate technical and organizational measures to address risks. This means ensuring it has robust incident recovery and business continuity plans to restore services quickly in case of disruptions.
  • Risk monitoring and logging: Companies must implement strong mechanisms to continuously monitor their ICT systems, ensuring real-time detection of anomalies, vulnerabilities, or potential breaches.
  • Incident reporting: Companies must report major incidents, such as cyberattacks or system outages, to the relevant authorities within a specified timeframe, as determined by each member state.
  • Resilience testing: Companies must conduct periodic tests of their digital operational resilience to confirm they can withstand various ICT disruptions, including cyberattacks, system failures, and data breaches.
  • Training and awareness: Companies should conduct regular training programs to raise awareness of cyber risks and ensure DORA compliance among staff.
  • Protect data integrity and availability: Companies must protect the confidentiality, integrity, and availability of sensitive financial and customer data using strong encryption, access controls, and other data protection measures.

Piwik PRO aligns with DORA requirements to enhance cybersecurity and operational stability for its clients in regulated sectors, particularly finance. Supported by ISO 27001 and SOC 2 certifications, Piwik PRO has prepared a comprehensive mapping of DORA regulations, ensuring compliance with each regulatory mandate, from secure data storage and robust access controls to regular audits and risk management protocols.


  • What is considered protected health information (PHI) under HIPAA? A guide for healthcare marketers

    Quick summary What PHI is: Any individually identifiable health information created, received, maintained, or transmitted by a covered entity or its business associates Who it applies to: Healthcare providers, health plans, healthcare clearinghouses, and their business associates Why it matters for marketing: Marketing tools that collect or transmit PHI without a BAA create HIPAA compliance…

  • We checked 59 hospital websites. 73% kept tracking visitors after opt-out.

    A new study by Piwik PRO and Verified Data scanned 59 major US hospital and clinic websites for tracking and data compliance. The findings show just how common it is for major US healthcare websites to run marketing tools that weren’t built for a regulated environment. What we actually found Across the 59 scanned sites,…