
DORA (Digital Operational Resilience Act)

Reviewed 9 April 2026 | Canonical definition

DORA is a European Union regulation that requires financial services firms to ensure the operational resilience of their digital systems, including AI agents, against ICT-related disruptions and cyber threats. It mandates risk management frameworks, incident reporting, resilience testing, and governance of third-party ICT service providers. For firms deploying AI agents in financial services, DORA requires that agents be covered by the same resilience and oversight programmes as other critical digital systems.