The Digital Operational Resilience Act (DORA), applicable to EU financial entities since 17 January 2025, is a legislative framework designed to strengthen the digital and cyber resilience of the financial sector. DORA requires the management body of a financial entity to define, approve and oversee the entity's ICT risk management framework, and to remain responsible for its implementation. It also empowers competent authorities to investigate suspected breaches and to impose administrative penalties and remedial measures. Importantly, these penalties may be imposed not only on the entity but also personally on the members of the management body and other individuals responsible for compliance, including directors and officers. Many D&O policies exclude regulatory fines and penalties, but a breach could also give rise to third-party liabilities, for example claims brought by shareholders, and such claims may well fall within D&O coverage. Insurers should therefore both understand the steps their policyholders are taking to achieve DORA compliance and confirm that their policy wordings limit coverage where intended.




