:
Skip Navigation
Resources Blog Sonatype can help you navigate DORA compliance

Sonatype can help you navigate DORA compliance

Sonatype can help you navigate DORA compliance
1:33

Providers of digital products and services to the EU are being impacted by a suite of new cybersecurity regulations coming into force. Among them is the Digital Operations Resilience Act (DORA), and we've developed a checklist to help you manage key components on your journey to compliance.

What does DORA mean for software providers?

DORA is a European Union (EU) regulation designed to improve the cybersecurity of traditional financial institutions and non-traditional financial entities. DORA comes alongside a series of new regulations that have been adopted by the EU with the aim of improving cybersecurity.

The scope of DORA reaches into the supply chain supporting the financial industry in the EU. Organizations that had previously not been covered by financial regulations, such as third-party providers that supply financial entities with information and communications technology (ICT) systems and services, are included in the regulation. Noncompliant ICT providers can be penalized, with fines of up to 1% of the provider's annual turnover from the previous year.

Preparing for DORA

Financial institutions and the third-party ICT service providers that supply them must comply when enforcement starts in January of 2025. Sonatype addresses DORA's ICT risk management framework through comprehensive solutions for open source analysis, scanning software, and vulnerability assessments.

For an overview of steps to take towards DORA compliance, download our checklist.

Picture of Hannah Laurence

Written by Hannah Laurence

Hannah is the Global Campaign Manager at Sonatype, leveraging over 10 years of marketing experience in the SaaS B2B industry. In her role, she focuses on understanding upcoming regulations and compliance issues across the globe, assessing their impact on customers, and educating them on how to best prepare for compliance.