The EU’s Digital Operational Resilience Act (DORA) mandates financial entities and their suppliers to report major IT incidents to national regulators. Non-compliance carries significant penalties, including potential criminal liability for negligent management board members and fines up to 2% of global annual turnover.