preloader

How DORA Shapes Your Enterprise AI Strategy


Tune in to the podcast for an insightful discussion narrated by AI

Listen on Apple Podcasts Listen on Spotify Podcasts Listen on YouTube Music Listen on Amazon Music Listen on Megogo

In this article:

blog-image

Learn how the EU’s DORA regulation impacts your enterprise AI strategy. Discover the five pillars of DORA and how to build resilient, compliant AI systems.

DORA Imperative

I remember sitting in a go-live call a few years back for a major system migration. Everything was green on the dashboard. Then, minutes after launch, a critical downstream service – something we all took for granted – started throwing cryptic errors. It was a classic brownfield problem: a dependency we hadn’t fully mapped. The frantic scramble to diagnose and remediate taught me a lesson that has stuck with me: resilience isn’t just about your code; it’s about your entire operational ecosystem.

Fast forward to today, and that ecosystem is infinitely more complex with the rapid integration of Artificial Intelligence. Regulators are catching up. For architects in the European Union’s financial sector, the Digital Operational Resilience Act (DORA) is arguably one of the most significant piece of technology regulation in a decade.

Effective from 17 January 2025, DORA establishes a binding, comprehensive framework for Information and Communication Technology (ICT) risk management. While not an “AI regulation” per se, its technology-neutral scope means that AI systems supporting critical or important functions (CIFs) fall directly under its stringent obligations.

When an AI model underpins a CIF – say, real-time fraud detection, credit underwriting, or algorithmic trading – the entire stack (model, data pipelines, APIs, monitoring tools) must be DORA-compliant. Traditional Model Risk Management (MRM), which focuses on output accuracy, is not enough. DORA demands evidence of operational resilience, cybersecurity, and business continuity across the full delivery system.

Some see this as just another compliance headache. I see it differently: for Enterprise and Solution Architects, DORA is a blueprint for building robust, trustworthy, enterprise-grade AI.


Deconstructing DORA’s Five Pillars for Architects

DORA harmonises disparate national regulations into a single framework built upon five key pillars. When you look at them through an AI lens, their architectural implications become profound.

  1. ICT Risk Management: Requires financial entities to maintain a comprehensive ICT risk management framework, with ultimate accountability resting with the management body. For AI, this means explicitly managing model risk, data dependency risk, and the unique vulnerabilities of the AI supply chain.
  2. ICT-Related Incident Management: Mandates processes for detecting, managing, logging, classifying, and reporting significant ICT-related incidents. The timelines are aggressive: after classifying an incident as major, an initial notification is due within 4 hours (and in any event, no later than 24 hours after detection). This is followed by an intermediate report within 72 hours and a final report within one month. An “AI incident” could be a subtle model drift causing financial loss, and your architecture must be able to detect and classify it promptly.
  3. Digital Operational Resilience Testing: Requires risk-based testing of all ICT systems. For financial entities designated as significant by supervisors, advanced Threat-Led Penetration Testing (TLPT) is required at a minimum cadence of every three years. This testing, which is aligned with the TIBER-EU framework, simulates real-world cyberattacks on critical functions and may involve live systems under carefully controlled conditions. This means your AI models will be actively and ethically attacked to find their breaking points.
  4. Managing ICT Third-Party Risk: Imposes stringent requirements for oversight of ICT third-party service providers. Contracts supporting CIFs must include audit rights, clear SLAs, incident notification duties, and robust exit strategies. This is a massive challenge when using third-party foundational models or MLOps platforms.
  5. Information Sharing: Encourages financial entities to exchange cyber threat intelligence within trusted communities to enhance collective resilience against sophisticated attacks, including those targeting AI systems.

The DORA-Compliant AI Risk Lifecycle: An Architectural Blueprint

Under DORA, the management body is ultimately responsible for ICT risk. Architects must design systems that provide tangible evidence of a robust risk management lifecycle. Let’s break down the key phases and their architectural requirements.

Identification: Know Your Assets

You can’t protect what you don’t know you have. DORA demands a complete inventory of ICT assets and their interdependencies.

Architectural Requirement:

An AI Model & Data Catalog is non-negotiable. This isn’t just a list; it’s a dynamic map of your AI ecosystem. It must inventory all models, classify their criticality via business impact analyses, and meticulously document all dependencies – the data sources they consume, the infrastructure they run on, and the third-party services they call.

Protection: Build a Fortress

You must implement safeguards against identified risks. This is where security and resilience are designed in, not bolted on.

Architectural Requirement:

This goes beyond basics. It means enforcing strong IAM, end-to-end encryption, secure deployment patterns using private networks and secure API gateways, and rigorous patch management across the entire AI stack. A core pattern here is the Resilient MLOps Pipeline, which builds protection into the development lifecycle through:

  • Immutable Registries: Every dataset, piece of code, and model is versioned and stored immutably. This creates a perfect audit trail for tracing the root cause of any incident.
  • Automated Security & Bias Testing: The CI/CD pipeline must include automated stages for bias checks and security vulnerability scanning.

Detection: See Everything

You must continuously monitor your systems to identify anomalies and potential incidents before they escalate.

Architectural Requirement:

A Continuous Monitoring & Feedback Hub is essential. I call this the AI Control Tower. This system must track not only statistical model performance and drift but also security anomalies like unusual inference patterns or unauthorized API access. This is your early warning system.

Here’s a simplified pseudo-code example of what an alert for data drift might look like in your control tower configuration:

# Pseudo-code for a monitoring agent
monitor: "LoanApplicationModel-v2.3"
metrics:
  - name: "DataDriftScore"
    type: "Anderson–Darling" # A statistical test to compare distributions
    reference_data: "training_dataset_snapshot_v2.3.csv"
    production_stream: "live_application_data_stream"
    schedule: "every_1h"

alert:
  trigger:
    metric: "DataDriftScore"
    condition: "p_value < 0.05" # If the p-value is low, distributions are significantly different
  action:
    type: "Webhook"
    url: "https://ops-team.com/hooks/pagerduty"
    payload:
      severity: "critical"
      summary: "Significant data drift detected in LoanApplicationModel-v2.3. Model retraining may be required."
      source: "AI-Control-Tower"

Response & Recovery: Plan for Failure

When an incident occurs, you need to ensure business continuity and rapid recovery.

Architectural Requirement:

Your AI systems must support model failover and fallback mechanisms. What happens if your primary fraud detection model goes offline? The system should automatically switch to a secondary model, a simpler rule-based engine, or a Human-in-the-Loop (HITL) queue. Furthermore, AI systems supporting CIFs must be included in the yearly ICT business continuity and disaster recovery testing required by DORA, proving you can redeploy them from a secure registry within your Recovery Time Objective (RTO).


Mastering Third-Party AI Risk: The New Frontier of Due Diligence

DORA introduces an oversight regime for critical ICT third-party providers (CTPPs) and requires you to manage risks from all ICT service providers. This is especially relevant to AI, given the reliance on:

  • Foundation Model Providers: (e.g., OpenAI, Anthropic, Google)
  • Cloud AI Service Providers: (e.g., AWS, Azure, GCP)
  • Specialised MLOps/LLMOps Vendors: (e.g., DataRobot, MLflow, Hugging Face)

Crucially, the financial entity remains fully responsible for these risks.

Architectural Controls for Third-Party AI Services

  • Centralised API Gateway: Route all outbound calls to external AI providers through a single, managed gateway. This enables policy enforcement, centralized logging, API key security, and anomaly detection.
  • The Anti-Corruption Layer (ACL): This is a powerful pattern to isolate your core systems from external dependencies. The ACL acts as a translator, decoupling your internal domain from the specifics of the third-party API. This makes it easier to enforce your own controls and, critically, facilitates exit strategies by allowing you to swap providers without rewriting your core business logic.
  • Data Sanitisation Layer: Before any data leaves your trust boundary to be processed by an external model, an automated layer should redact or pseudonymise Personally Identifiable Information (PII) and other sensitive data.

Due Diligence and Contractual Checklist for AI Providers

Before onboarding any AI service, your contracts and due diligence must be watertight:

Resilience & Security Evidence: Demand audit reports (SOC 2, ISO 27001), penetration test summaries, and BCP/DR plans with clearly defined RTO/RPO.

Data Governance: Get clarity on data location, residency compliance, retention policies, and segregation between clients. How will they use your data?

Transparency & Model Risk: Request comprehensive model documentation, including known limitations, bias mitigation strategies, and versioning information.

Contractual Safeguards: Your contract must include unrestricted rights of access and audit by your firm and its regulators, incident reporting timelines aligned with DORA, and a robust, tested exit strategy.


Advanced Resilience Testing for AI Systems

DORA’s mandate for Threat-Led Penetration Testing (TLPT) means your critical AI systems will face sophisticated, scenario-based attacks. This requires testing for AI-specific threat vectors, including:

  • Prompt Injection & Jailbreaking: Malicious prompts designed to override a model’s safety instructions.

  • Model Evasion (Adversarial Attacks): Subtle, often imperceptible perturbations to input data that cause the model to misclassify its output.

  • Data Poisoning: Corrupting the training data pipeline with malicious data to create a backdoor or systemic bias in the model.

  • Model Inversion & Membership Inference: Attacks designed to extract sensitive information from the training data by probing the model.

Architects must design AI systems to be testable from the ground up, providing isolated test environments, controlled API access for testers, and comprehensive logging to support the remediation and resilience improvement cycle.


Conclusion: From Burden to Advantage

It’s easy to look at DORA as a restrictive regulation. But as architects, our job is to see the opportunity within the constraints. DORA forces us to address the inherent brittleness of AI systems head-on. It pushes us to build the observability, governance, and resilience that these powerful technologies have always needed.

By embedding these principles into our AI strategy and enterprise architecture, we do more than just tick a compliance box. We build systems that are more reliable, more trustworthy, and ultimately, more valuable. In the new digital frontier, resilience is not just a defense; it’s the ultimate competitive advantage. And DORA, for all its complexity, has just handed us the map.


Further Reading

From this Blog

Quick reference


cover-wide

Thank you!

signature

🎧 Listen to the Podcast


🎬 Watch the Video on YouTube


🖥️ Enjoy the Slide Deck

--------------------

Follow me:

Share this post among others: