ANNOUNCEMENTVoyage AI joins MongoDB to power more accurate and trustworthy AI applications on Atlas. Learn more >
NEWMongoDB 8.0: Experience unmatched speed and performance. Check it out >
AnnouncementMongoDB 8.0: Experience unmatched speed and performance. Check it out >

Back to Trust Center


EU Digital Operational Resilience Act (DORA)

The EU Digital Operational Resilience Act (DORA) is a regulation that came into effect on January 17, 2025. Its primary goal is to strengthen the operational resilience of financial institutions across the European Union. DORA establishes standardised requirements for managing and mitigating ICT risks. MongoDB is dedicated to helping its financial services customers meet the requirements of DORA and has taken significant steps to assist our customers in meeting their continuity and operational resilience standards.

View compliance documentation in MongoDB’s Customer Trust Portal.

FAQ

What is DORA?

The EU Digital Operational Resilience Act (DORA) is a regulation that came into effect on January 17, 2025. Its primary goal is to strengthen the operational resilience of financial institutions across the European Union. DORA establishes standardised requirements for managing and mitigating ICT risks, ensuring that financial institutions can continue to provide critical services even in the face of disruptions. The regulation focuses on enhancing cyber resilience and ensuring effective management, recovery, and continuity of IT systems.

Who is affected by DORA?

DORA applies to a wide range of regulated financial services providers within the EU, such as banks, credit institutions, payment institutions, investment firms, and asset management companies. It also covers entities like crypto-asset services providers, trading venues, and credit rating agencies. Essentially, any financial institution subject to EU regulations that relies on digital systems and services must comply with DORA’s operational resilience standards.

How does MongoDB fulfil its important role as an ICT provider under DORA?

MongoDB is dedicated to helping customers meet the requirements of DORA and has taken significant steps to ensure our services align with the regulation. While MongoDB is not currently designated as a "critical" third-party service provider under DORA, we understand the importance of our role as an ICT provider. We have comprehensive risk management frameworks, incident response procedures, and disaster recovery plans in place to ensure continuity and resilience. We are prepared to collaborate with our DORA-regulated customers and work alongside regulatory authorities where necessary.

How does MongoDB support its customers’ Article 30 obligations under DORA?

Many of the obligations outlined in Article 30 are already integrated into MongoDB's standard customer agreements. For customers subject to DORA, MongoDB can also provide a Financial Services Addendum to help meet the specific contractual requirements set forth in the regulation if required. Our legal teams have crafted and updated this addendum to align with DORA’s provisions. If your organisation is subject to DORA and requires this addendum, please reach out to your dedicated account team for assistance.

This page is for informational purposes only, and MongoDB does not intend the information or recommendations presented here to constitute legal advice. Each customer is responsible for independently evaluating its own particular use of MongoDB's services as appropriate to support its legal and compliance obligations.

Ready to get started?

Launch a new app or migrate to MongoDB Atlas with zero downtime
Start with 512MB FreeContact