DORA requires all financial institutions in the EU to implement an ICT (Information & Communications Technology) Risk Management Framework. The financial entities that DORA applies to include banks, investment firms and credit institutions as well as non-traditional finance entities such as crypto-asset service providers and crowdfunding platforms.

Source: Cyber Management Alliance