Digital Operational Resilience Act (DORA), Article 2, Personal scope.
1. This Regulation applies to the following entities:
(a) credit institutions,
(b) payment institutions,
(c) electronic money institutions,
(d) investment firms,
(e) crypto-asset service providers, issuers of crypto-assets, issuers of asset-referenced tokens and issuers of significant asset-referenced tokens,
(f) central securities depositories,
(g) central counterparties,
(h) trading venues,
(i) trade repositories,
(j) managers of alternative investment funds,
(k) management companies,
(l) data reporting service providers,
(m) insurance and reinsurance undertakings,
(n) insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries,
(o) institutions for occupational retirement pensions,
(p) credit rating agencies,
(q) statutory auditors and audit firms,
(r) administrators of critical benchmarks,
(s) crowdfunding service providers,
(t) securitisation repositories,
(u) ICT third-party service providers.
2. For the purposes of this Regulation, entities referred to in paragraph (a) to (t) shall collectively be referred to as ‘financial entities’.