Since 17 January 2025, the Digital Operational Resilience Act (DORA) has been in force. This European regulation requires financial institutions to structurally safeguard their digital resilience — and that explicitly includes AI systems. Yet in practice, we observe that many banks, insurers and pension funds underestimate the implications of DORA for their AI landscape. The focus until now has understandably been on broad ICT risks, but AI brings specific challenges that require targeted attention.

In this article, we analyse the intersection of DORA and AI governance: which requirements are directly relevant to AI systems, where do the greatest compliance risks lie, and what can you as CIO or compliance officer concretely do to bring your organisation into compliance in time?

DORA in brief: scope and relevance for AI

DORA applies to virtually all financial entities in the EU: banks, insurers, investment firms, pension funds, payment institutions and crypto-asset service providers. The regulation focuses on five pillars: ICT risk management, incident reporting, digital resilience testing, management of ICT third-party risks and information sharing.

AI systems explicitly fall within the scope of DORA when they form part of the ICT services that a financial institution uses for its business processes. Think of credit scoring models, fraud detection systems, robo-advisory functions, automated claims assessments and chatbots for customer interaction. Each of these systems is an ICT asset within the meaning of DORA and must be managed accordingly.

What distinguishes DORA from earlier regulation is the emphasis on operational resilience. It is not only about preventing incidents, but about the organisation's ability to continue functioning when an AI system fails, is compromised or produces unreliable outputs.

ICT risk management for AI systems

Articles 6 through 16 of DORA set detailed requirements for the ICT risk management framework of financial institutions. For AI systems, this translates into a number of concrete obligations.

Identification and classification. Every financial institution must maintain an up-to-date register of all ICT assets, including AI models and the data they depend on. In practice, this means you need an AI inventory that records per model: the purpose, the data used, the owner, the criticality for business processes and the dependency on third parties. Many organisations do not have such an inventory, while it forms the foundation for all further compliance activities.

Risk assessment. AI systems carry risks that are less prominent in traditional ICT systems: model drift, data bias, adversarial attacks, hallucination in generative AI and unexplainable decision-making. DORA requires these risks to be identified, assessed and mitigated within the broader ICT risk management framework. It is advisable to develop an AI-specific risk taxonomy as a supplement to your existing risk register.

Continuous monitoring. DORA mandates real-time monitoring of ICT systems. For AI models, this means you must implement mechanisms that continuously monitor model performance, data quality and output reliability. A credit scoring model that gradually becomes less accurate due to shifting market conditions — a phenomenon known as concept drift — must be automatically detected and escalated before it causes operational harm.

Incident reporting for AI failures

DORA introduces a harmonised incident reporting regime. Financial institutions must report significant ICT-related incidents to their supervisor — in the Netherlands DNB or AFM, depending on the type of institution.

For AI systems, this raises a fundamental question: when is an AI failure a reportable incident? DORA applies criteria such as the number of affected clients, the duration of the disruption, the geographic reach and the economic impact. A fraud detection model that fails to assess transactions for two hours likely meets these criteria. But what about an AI model that structurally disadvantages certain customer segments without this being directly visible on operational dashboards?

Our recommendation is to define AI-specific incident criteria that align with the DORA thresholds but account for the unique failure modes of AI. Establish at which deviation in model performance, at which degree of bias or at which level of unexplainability the incident process is triggered. Ensure the incident response team has AI expertise or direct access to data scientists who can perform the technical analysis.
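As an added illustration of the continuous monitoring and AI-specific incident criteria described above (example code written for this article, not a tool or method from the original text), the following monitor scores a credit-scoring model batch by batch and escalates to the incident process only when the performance drop persists across consecutive batches. The threshold values, batch sizes and labelled data are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class DriftThresholds:
    baseline_accuracy: float  # accuracy recorded at model validation
    warn_drop: float          # relative drop that opens a monitoring ticket
    incident_drop: float      # relative drop that triggers the incident process
    min_batch: int            # batches smaller than this are not scored
    consecutive: int          # incident-level batches in a row needed to escalate

# Constructed thresholds: a 10% relative drop warns, 25% is incident level,
# and escalation requires two consecutive incident-level batches.
THRESHOLDS = DriftThresholds(0.90, 0.10, 0.25, 10, 2)

def batch_accuracy(predictions, labels):
    """Share of correct binary decisions (default / no default) in a batch."""
    if not labels or len(predictions) != len(labels):
        raise ValueError("predictions and labels must be non-empty and aligned")
    return mean(1.0 if p == y else 0.0 for p, y in zip(predictions, labels))

def classify_batch(accuracy, n, t):
    """Map one batch's accuracy to a monitoring level relative to the baseline."""
    if n < t.min_batch:
        return "insufficient_data"
    drop = (t.baseline_accuracy - accuracy) / t.baseline_accuracy
    if drop >= t.incident_drop:
        return "incident"
    if drop >= t.warn_drop:
        return "warning"
    return "ok"

def evaluate_batches(batches, t):
    """Return per-batch levels and the index at which the incident process fires."""
    levels, streak, escalate_at = [], 0, None
    for i, (preds, labels) in enumerate(batches):
        level = classify_batch(batch_accuracy(preds, labels), len(labels), t)
        levels.append(level)
        streak = streak + 1 if level == "incident" else 0
        if streak >= t.consecutive and escalate_at is None:
            escalate_at = i  # hand-off point to the DORA incident process
    return levels, escalate_at

# Constructed ground truth and predictions: accuracy decays from 0.9 to 0.6.
LABELS = [1, 0, 1, 0, 1, 0, 1, 0, 1, 0]
BATCHES = [
    ([1, 0, 1, 0, 1, 0, 1, 0, 1, 1], LABELS),  # 9/10 correct
    ([1, 0, 1, 0, 1, 0, 1, 0, 0, 1], LABELS),  # 8/10 correct
    ([1, 0, 1, 0, 1, 0, 0, 1, 0, 1], LABELS),  # 6/10 correct
    ([1, 0, 1, 0, 1, 0, 0, 1, 0, 1], LABELS),  # 6/10 correct again
]
```

The consecutive-batch requirement is what keeps a single noisy batch from paging the incident team, while still guaranteeing that sustained concept drift is escalated rather than left on a dashboard.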

Digital resilience testing of AI models

DORA prescribes that financial institutions periodically test their digital resilience. This includes penetration testing, scenario analyses and — for systemically critical institutions — threat-led penetration testing (TLPT) under the TIBER-EU framework.

For AI systems, this has far-reaching consequences. Traditional penetration tests focus on infrastructure vulnerabilities: is the server properly configured, are API endpoints secured, are access rights correctly set? AI systems additionally require a layer of model-specific tests:

Adversarial testing: Can the model be manipulated through carefully constructed inputs? A fraud detection model that can be misled by subtle patterns in transaction data poses a direct operational risk.

Robustness testing: How does the model perform under extreme but plausible conditions? Consider a sudden economic shock, a pandemic or a cyber attack that disrupts input data.

Fairness testing: Does the model systematically produce different outcomes for protected groups? This is not only an ethical issue but also a compliance risk, given the increasing attention from regulators to algorithmic discrimination.

It is essential that these AI-specific tests are integrated into your existing test framework and that the results are documented and auditable. The European Supervisory Authorities (ESAs) have announced they will specifically examine the robustness of AI systems in their supervisory activities.
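The fairness test described above, as an added example that is not part of the original article: for each protected group it computes the approval rate and the true-positive rate of a credit decision model and flags any group whose rate falls below a configurable fraction of the best-performing group. The 0.8 minimum ratio is an assumed policy value, and the records are constructed.

```python
from collections import defaultdict

# Constructed decision log: (protected group, true outcome, model decision).
# 1 = creditworthy / approved, 0 = not creditworthy / declined.
RECORDS = (
    [("A", 1, 1)] * 6 + [("A", 0, 0)] * 4
    + [("B", 1, 1)] * 3 + [("B", 1, 0)] * 3 + [("B", 0, 0)] * 4
)

def group_metrics(records):
    """Per group: selection rate (share approved) and true-positive rate."""
    counts = defaultdict(lambda: {"n": 0, "approved": 0, "pos": 0, "tp": 0})
    for group, label, decision in records:
        c = counts[group]
        c["n"] += 1
        c["approved"] += decision
        c["pos"] += label
        c["tp"] += label and decision
    out = {}
    for group, c in counts.items():
        selection = c["approved"] / c["n"]
        tpr = c["tp"] / c["pos"] if c["pos"] else None  # undefined without positives
        out[group] = {"selection_rate": selection, "tpr": tpr}
    return out

def fairness_findings(records, min_ratio=0.8):
    """Groups whose metric is below min_ratio times the best group's metric."""
    metrics = group_metrics(records)
    findings = {}
    for name in ("selection_rate", "tpr"):
        values = {g: m[name] for g, m in metrics.items() if m[name] is not None}
        if not values:
            continue
        best = max(values.values())
        flagged = sorted(g for g, v in values.items() if best > 0 and v / best < min_ratio)
        if flagged:
            findings[name] = flagged
    return findings
```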

Management of AI vendors as third parties

Chapter V of DORA regulates the management of ICT third-party risks. This is particularly relevant for AI, as many financial institutions depend on external AI services: cloud-based ML platforms, pre-trained foundation models, AI-as-a-Service providers and external data feeds that serve as input for AI models.

DORA requires financial institutions to maintain a register for each critical ICT third-party service provider, include contractual safeguards (including exit strategies and audit rights) and manage concentration risks. For AI vendors, this concretely means:

Model transparency: Can you require your vendor to provide insight into how the model works, which data was used for training and how updates are implemented? With black-box models from large technology platforms, this is a real challenge.

Exit strategy: What happens if your AI vendor ceases service, raises prices or changes terms? DORA requires that you can migrate to an alternative without unacceptable disruption to your business processes. For AI models that are deeply integrated into decision-making processes, this is often more complex than with traditional ICT services.

Concentration risk: How many of your AI models run on the same cloud infrastructure or use the same foundation model? If a single vendor fails, how many business processes are affected? DORA requires you to map and mitigate this concentration risk.
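To show how the AI register and the concentration-risk mapping fit together, here is an added example (not from the original article) that walks a constructed register, derives for each shared dependency the business processes that would be affected if it failed, and flags dependencies that touch more than an assumed share of critical processes. Vendor names, processes and the 50% threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed AI register: one entry per model, with the business process it
# serves, its criticality, and the external dependencies it runs on.
REGISTER = [
    {"model": "credit-score-v3", "process": "consumer lending", "critical": True,
     "dependencies": {"cloud:provider-x"}},
    {"model": "txn-fraud-gbm", "process": "fraud screening", "critical": True,
     "dependencies": {"cloud:provider-x", "data:feed-p"}},
    {"model": "claims-triage", "process": "claims assessment", "critical": True,
     "dependencies": {"cloud:provider-y", "foundation:llm-vendor-a"}},
    {"model": "support-chatbot", "process": "customer chatbot", "critical": False,
     "dependencies": {"cloud:provider-x", "foundation:llm-vendor-a"}},
    {"model": "propensity-v1", "process": "marketing propensity", "critical": False,
     "dependencies": {"cloud:provider-x"}},
]

def blast_radius(register):
    """Dependency -> set of business processes affected if that dependency fails."""
    impact = defaultdict(set)
    for entry in register:
        for dep in entry["dependencies"]:
            impact[dep].add(entry["process"])
    return dict(impact)

def concentration_findings(register, max_critical_share=0.5):
    """Dependencies whose failure would hit more than max_critical_share of
    critical processes, with the affected critical processes listed."""
    critical = {e["process"] for e in register if e["critical"]}
    if not critical:
        return {}
    findings = {}
    for dep, processes in blast_radius(register).items():
        hit = processes & critical
        if len(hit) / len(critical) > max_critical_share:
            findings[dep] = sorted(hit)
    return findings
```

Run against a real register, the output is the list a risk committee needs for the exit-strategy and concentration discussions DORA expects, and it is trivially re-runnable whenever the register changes.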

The intersection with the EU AI Act

DORA does not stand alone. Financial institutions deploying AI must simultaneously comply with the EU AI Act, which entered into force in phases from August 2025. The combination of both regulations creates a complex but coherent regulatory landscape.

The EU AI Act classifies AI systems into risk categories. Many AI applications in the financial sector — credit assessment, risk classification, insurance pricing — fall into the 'high risk' category and are subject to strict requirements around transparency, human oversight and technical documentation. DORA adds the operational resilience dimension.

In practice, we advise financial institutions to develop one integrated governance framework for AI that addresses both DORA and the EU AI Act. A fragmented approach — with separate compliance tracks for each regulation — leads to duplication, inconsistencies and unnecessary costs. The overlap between both regulations (documentation, monitoring, risk management, human oversight) in fact offers opportunities for efficiency.

What you need to do now: five priorities

1. Compile an AI register. Inventory all AI systems, including models under development and systems procured through third parties. Classify them by criticality and risk profile.

2. Integrate AI into your ICT risk management framework. Expand your existing risk taxonomy with AI-specific risks and ensure model risk management becomes part of your regular risk management processes.

3. Establish AI monitoring. Implement tooling for continuous monitoring of model performance, data quality and output reliability. Define escalation thresholds and link them to your incident response process.

4. Evaluate your AI vendors. Test existing contracts against DORA requirements. Do your vendors have exit strategies? Do they offer sufficient transparency and audit rights? Is there unacceptable concentration risk?

5. Develop an integrated compliance framework. Bring the requirements of DORA and the EU AI Act together in a single governance structure. This saves time and resources and prevents conflicting compliance measures.

Regulators have made it clear that they expect financial institutions to take action now. Waiting is not an option — fines under DORA can reach up to 1% of average daily global turnover, and reputational damage from public enforcement actions is often even more impactful.

Want to map how your AI systems stand with regard to DORA compliance? With the AI Opportunity Scan, we map your AI landscape, risks and governance gaps within two to four weeks.
