Does Digital Operational Resilience Act (DORA) require Record-Keeping & Documentation?

European Union • enforcing

Yes — 1 provision

Requirements at a glance

This regulation imposes 3 specific requirements for Record-Keeping & Documentation across 1 provision:

Digital Operational Resilience Testing #

Obligation:
Record Keeping
enforcing
Effective:
Jan 17, 2025
Risk tier:
all
Scope:
providers, deployers

Requirements

RequirementDetails
Resilience testing programConduct regular testing of ICT systems and tools
Threat-led penetration testingSignificant entities must perform TLPT aligned with TIBER-EU
Documentation and remediationDocument test results and remediate identified vulnerabilities

Penalties

ViolationFine
Non-complianceDetermined by national competent authorities per member state law
View full regulation View obligation Obligation matrix