Digital Operational Resilience Act (DORA)

DORA is an EU Regulation primarily focused on ensuring financial entities manage risks arising from the use of information and communication technology (ICT), extending to the management of ICT third-party risks when outsourced service providers are used. IORPs (pension schemes) that meet certain criteria are among the financial entities in scope of DORA.  

For further information see Guidance below. All updates from the Authority regarding DORA will be published on this page.

Please note the Q&A document below will be updated by the Authority as necessary.

Pension schemes subject to DORA are obliged to report major ICT-related incidents to the Pensions Authority within prescribed timeframes. See here for information on major ICT-related incident reporting and significant cyber threats.