DORA Compliance

DORA Article 11-12 — Continuous ICT resilience testing for Kubernetes

The Digital Operational Resilience Act (DORA) requires financial entities in the EU to conduct regular ICT resilience testing, including disaster recovery tests for critical systems. Kymaros automates this for Kubernetes infrastructure.

What DORA requires

DORA (Regulation EU 2022/2554) mandates that financial entities — banks, insurers, investment firms, payment providers, and their critical ICT third-party providers — test their ICT business continuity and disaster recovery plans regularly.

Article 11 requires “testing of ICT business continuity plans” and Article 12 mandates “backup policies and procedures, restoration and recovery policies and procedures.” The tests must be documented, and results must be available to competent authorities upon request.

For teams running workloads on Kubernetes, this means proving that your K8s backups actually restore — continuously, not once a year.

DORA timeline

January 2023: DORA enters into force
January 2025: DORA becomes applicable — financial entities must comply
Today: Regulators actively reviewing ICT resilience testing evidence

How Kymaros satisfies DORA

Each DORA requirement is addressed by a specific Kymaros capability — automated, documented, and auditable.

Article 11(6)

Regular testing of ICT business continuity plans

Automated nightly restore tests with cron scheduling — continuous, not annual

Article 12(1)

Testing of backup and restoration procedures

Full restore validation with 6-level scoring and health checks — every backup tested

Article 12(2)

Documentation of test results and remediation

Timestamped RestoreReport CRDs with confidence score, validation details, and RTO data

Article 12(3)

Reporting to competent authorities

PDF and CSV export of compliance dashboard — 90-day history, score trends, coverage maps

Who needs DORA compliance?

DORA applies to virtually all regulated financial entities in the EU and their critical ICT service providers.

Banks & credit institutions
Insurance & reinsurance
Investment firms
Payment service providers
Crypto-asset providers
Critical ICT third-party providers

DORA is not the only framework

Kymaros generates compliance evidence for multiple frameworks simultaneously. One nightly test produces evidence for SOC 2, ISO 27001, DORA, HIPAA, and PCI-DSS.

SOC 2 CC7.5, ISO 27001, DORA, HIPAA, PCI-DSS

Start your DORA compliance journey

Contact us for a DORA compliance deployment tailored to your financial institution. Enterprise tier includes audit-ready PDF reports and SIEM integration.