Description
By January 17, 2026, the European Commission shall carry out a review of DORA requirements and submit a report to the European Parliament and the Council on the appropriateness of strengthened requirements for statutory auditors and audit firms. National competent authorities are expected to carry out audits and supervisory reviews in early 2026.
Requirements
- Review DORA compliance posture ahead of supervisory review
- Prepare documentation for potential NCA audit
- Ensure ICT risk management framework is current
- Validate incident response procedures
- Update digital operational resilience testing records
Applicable To
BanksInsurance CompaniesInvestment FirmsCritical ICT Service Providers
Penalty Information
âš Non-compliance with DORA can result in administrative fines and supervisory actions by national competent authorities.