European Survey on DORA – 2026 edition
Strengthening digital operational resilience in the financial sector
The Digital Operational Resilience Act (DORA) is a key EU regulation designed to enhance cyber risk management within the financial sector, with the objective to enhance the security posture of financial entities in scope in face of ICT disruptions and cyber threats.
In the first quarter of 2026, Deloitte conducted an in-depth European survey with the objectives to assess the current compliance readiness of 50 financial entities across 13 countries within the Regulation’s scope, and to identify the key challenges they face in achieving full compliance with DORA requirements, providing a deeper and broader look at the European market.
Key facts and figures
Disclaimer:
This survey report reflects the views and responses collected in February 2026 and may not capture developments or changes in the Digital Operational Resilience Act (DORA) landscape occurring thereafter.
The findings represent the opinions of the survey participants at the time of data collection and may not be fully representative of all organisations subject to DORA requirements.
While Deloitte has made every effort to ensure the accuracy and reliability of the information presented, this report is provided for general informational purposes only and should not be construed as legal or regulatory advice.
Deloitte accepts no liability for any loss or damage arising from reliance on the content of this survey report. Readers are encouraged to consult with their own advisors regarding compliance with DORA.
Before you deep dive in the full survey, discover a high-level view on:
1. The participants in this survey covering the customer size, entity legal type, and revenue distribution of the financial entities
2. Compliance, the date when financial entities expect to reach full compliance with the DORA, including a clear breakdown of full compliance ambitions based on the specific legal type of the surveyed financial entities.
3. Agreed timeframe for receiving ICT incident notifications by Third Party Providers
4. Use of Software Bill of Materials
5. On-site Inspections on Third Party Providers
The insights gathered from our latest survey offer practical guidance on the critical success factors driving effective DORA implementation, providing organizations with common pitfalls and effective interpretation of the regulatory requirements to accelerate compliance timelines and strengthen operational resilience.
By examining how leading institutions address key compliance pillars, overcome common implementation obstacles, and embed digital resilience into their operating model, you can chart a more efficient path to regulatory readiness.
Discover how your organization can stay ahead. Explore the full survey findings and uncover tailored solutions to meet the DORA requirements with confidence..
