DORA (Digital Operational Resilience Act)

DORA is an EU regulation that requires financial entities to ensure operational resilience of their ICT systems — including AI systems and AI agents used in financial services operations. It mandates risk management, incident reporting, testing, and third-party oversight requirements that directly apply to AI agent deployments in banks, insurers, and investment firms.