Digital Operational Resilience Act (DORA)
The Digital Operational Resilience Act (DORA) is a European Union regulation that strengthens the digital resilience of financial entities. It establishes uniform requirements so that firms in the financial sector can withstand, respond to, and recover from Information and Communication Technology (ICT) disruptions and threats.
DORA came into effect in January 2023 and became fully applicable on January 17, 2025. It applies to a wide range of financial entities, including banks, insurance companies, investment firms, and ICT third-party service providers, particularly cloud providers like Files.com that support financial-sector operations.
Files.com and DORA
Files.com supports customers in meeting their DORA obligations through the following capabilities:
- Secure infrastructure, including encryption in transit and at rest, detailed audit logs, access controls, and regional storage options.
- Business continuity and incident response, supported by redundant systems, high-availability architecture, and documented incident management processes.
- Operational and security monitoring, including real-time monitoring, automated alerting, and SIEM integration support.
- Independent security validation through an annual SOC 2 Type II audit conducted by an independent third-party firm, validating the effectiveness of our security, availability, and confidentiality controls.
- A DORA Addendum available to qualified customers upon request.
Shared Responsibility
DORA compliance with Files.com follows a Shared Responsibility Model. Files.com is responsible for the infrastructure, platform, and security controls we provide. You are responsible for configuring your usage, conducting your own resilience testing, managing risk assessments, and fulfilling regulatory reporting duties.
DORA compliance is achievable only if your environment is configured correctly. We provide the platform, security features, and operational tools. You implement and use them in a manner consistent with DORA and other applicable regulatory requirements.
This article is not legal advice. Organizations subject to DORA are solely responsible for confirming that their use of Files.com complies with all provisions of the regulation, including ICT risk management, incident handling, and third-party oversight. Work with your legal and compliance teams to determine your specific obligations under DORA and to validate that your implementation of Files.com supports your operational resilience goals.