> For the complete documentation index, see [llms.txt](https://docs.ospree.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.ospree.io/learn/digital-operational-resilience-act.md).

# Digital Operational Resilience Act

### What is DORA?

The Digital Operational Resilience Act (DORA) is an EU regulation that came into force in January 2025. It sets mandatory requirements for how financial entities and their ICT service providers manage technology risk, respond to incidents, test operational resilience, and govern third-party technology dependencies.

DORA applies directly to regulated financial entities operating in the EU, including crypto-asset service providers (CASPs), banks, payment institutions, investment firms, custodians, and trading venues. It also places specific obligations on ICT third-party service providers that deliver critical technology services to those entities.

For digital asset businesses, DORA raises the bar for how you select, contract with, and oversee your technology vendors, including your compliance infrastructure providers.<br>

### Does DORA Apply to Your Business?

DORA applies to you if you are a regulated entity operating in the EU, including:

* Crypto-asset service providers (CASPs) authorised under MiCA
* VASPs and other regulated digital asset businesses
* Payment institutions and e-money institutions
* Banks, investment firms, and custodians
* Exchanges and trading venues

If you rely on third-party technology platforms, including compliance software, to deliver regulated services, DORA requires you to ensure those vendors meet specific contractual, operational, and resilience standards set out under Article 28.<br>

### Ospree's Position as an ICT Third-Party Provider

Ospree is a technology provider to regulated financial entities. Under DORA, that means your organisation has obligations around how you select, contract with, and oversee us as part of your ICT third-party risk management framework.

We take those obligations seriously, both for your sake and ours.

Ospree's platform, infrastructure, and contractual arrangements are designed to support the expectations DORA places on ICT providers to regulated entities. We do not claim that using Ospree makes your organisation DORA-compliant, compliance is your obligation, and it extends across your full technology estate. What we can do is make sure that Ospree's side of that equation is well-documented, evidenced, and contractually sound.<br>

### What Ospree Provides to Support Your DORA Obligations

Ospree supports customers by providing specific measures that help address DORA-related ICT third-party risk obligations, including DORA-aligned contractual documentation, security controls, incident management, business continuity processes, service availability commitments, and ICT third-party risk transparency.

Ospree's Master Services Agreement (MSA) and Data Processing Agreement (DPA) are structured to support these requirements. Customers can request our DORA contractual schedule, a document that maps our standard contract provisions to Article 28 requirements, as part of their vendor due diligence process. To request the DORA contractual schedule, contact your Ospree account manager or reach out to <sales@ospree.io>

### Regulatory References

* European Union. (2022). *Regulation (EU) 2022/2554 on digital operational resilience for the financial sector*. Official Journal of the European Union. <https://eur-lex.europa.eu/eli/reg/2022/2554/oj/eng?utm_source=chatgpt.com>
* European Banking Authority. (2025). *Digital Operational Resilience Act: Oversight of critical ICT third-party providers*. European Banking Authority. <https://www.eba.europa.eu/activities/direct-supervision-and-oversight/digital-operational-resilience-act?utm_source=chatgpt.com>&#x20;


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ospree.io/learn/digital-operational-resilience-act.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.