Start Free Trial
Home/Regulations/DORA — EU Digital Operational Resilience Act — Regulatory Reference
Regulatory Reference
Financial Services Global / EU high

DORA — EU Digital Operational Resilience Act — Regulatory Reference

ICT risk management, third-party oversight — AI agent registry and vendor access controls directly apply.

Key Provisions
  • Regulation (EU) 2022/2554 — applies from 17 January 2025
  • ICT risk management framework (Articles 5–16)
  • ICT-related incident reporting (Articles 17–23)
  • Digital operational resilience testing (Articles 24–27)
  • ICT third-party risk management (Articles 28–44)
How AutoPIL Enforces It
  • Agent registry + source registry constitute the documented ICT inventory DORA requires
  • Audit chain supports incident reporting timelines by surfacing affected agents and data sources
  • Third-party (LLM provider) access controls enforced by the AutoPIL policy engine
Audit LogPolicy EngineAgent RegistryAlert RulesSensitivity Labels
AutoPIL Policy IDs
FS-DORA-ART5-001ICT Inventory via AutoPIL Registries
FS-DORA-ART17-001Incident Reporting Audit Support
FS-DORA-ART28-001Third-Party LLM Provider Controls
Official Sources
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32022R2554https://www.eba.europa.eu/regulation-and-policy/single-rulebook/interactive-single-rulebook/dora

This page is a working reference and not a substitute for qualified legal review. Verify against official sources before use in compliance artifacts.

AutoPIL Governance Platform

Enforce this regulation today

AutoPIL intercepts every AI agent data access call, enforces your policy, and writes a tamper-evident audit record — before sensitive data enters the agent context window.

Start Free Trial View All Industries