DORA applies to a broad range of financial service providers, including banks, credit institutions, payment institutions, e-money institutions, investment firms, and crypto-asset service providers, among others. But importantly, DORA defines critical ICT services provided to financial institutions. If an organization is a provider of critical ICT services to a financial institution, it will be subject to direct regulatory oversight under the DORA framework. That includes, for example, cloud platforms and data analytics services.