Navigating DORA Compliance with AWS: Unlocking Operational Resilience in the Financial Sector
The Digital Operational Resilience Act (DORA) is a landmark EU regulation designed to bolster the digital operational resilience of financial entities across Europe. Following the introduction of DORA on January 17, 2025, financial institutions are under increasing pressure to ensure their ICT systems can withstand disruptions and cyber threats. Amazon Web Services (AWS) has emerged as a key partner in this journey, offering a suite of services and resources tailored to help financial entities meet DORA’s stringent requirements.
Below, we explore how AWS can assist organisations in achieving DORA compliance.
Understanding DORA Requirements
DORA introduces a comprehensive framework for enhancing digital operational resilience within the financial sector. Key requirements include:
- ICT Risk Management: Developing frameworks to identify, assess, and mitigate ICT risks.
- Incident Reporting: Implementing harmonised regimes for reporting major ICT-related incidents and cyber threats.
- Operational Resilience Testing: Conducting regular digital operational resilience tests to ensure systems can operate under stress.
- Third-Party Risk Management: Managing ICT third-party risks, particularly for critical providers.
How AWS Supports DORA Compliance
AWS offers a robust set of tools and resources to support financial entities in meeting DORA’s requirements:
1. AWS User Guide to DORA
AWS has published a dedicated user guide to help financial institutions navigate DORA compliance. This guide outlines the roles AWS and its customers play in managing operational resilience, explains the AWS Shared Responsibility Model, and highlights relevant AWS services and compliance frameworks. It provides actionable insights for technical decision-makers and risk professionals alike.
2. AWS Fault Injection Service (FIS)
AWS Fault Injection Service (FIS) is a powerful tool for conducting scenario-based testing, a critical component of DORA’s operational resilience requirements. By injecting controlled faults that simulate real-world disruptions, FIS helps identify weaknesses before they affect production and improve system resilience through chaos engineering principles.
3. Compliance Frameworks and Services
AWS offers a range of services that support DORA compliance, including:
- AWS Audit Manager: Simplifies compliance auditing by automating evidence collection.
- AWS Security Hub: Provides a centralised view of security alerts and compliance status.
- AWS Resilience Hub: Helps design and implement resilient architectures.
- AWS Artifact: Offers on-demand access to compliance reports and agreements, aiding in third-party risk management.
4. Shared Responsibility Model
AWS operates under a Shared Responsibility Model: AWS is responsible for security of the cloud (the infrastructure that runs AWS services), while customers are responsible for security in the cloud (their data, identities, configurations, and workloads). Understanding this division is crucial to seeing how AWS services support DORA compliance without compromising customer data governance.
5. Cloud Adoption Framework (CAF)
The AWS Cloud Adoption Framework (CAF) provides best practices for designing and operating governance and control frameworks. It helps financial entities digitally transform while ensuring alignment with DORA requirements.
As financial institutions face the challenge of DORA compliance, AWS stands out as a strategic partner capable of providing the necessary tools and expertise. By leveraging AWS services and resources, organisations can ensure their ICT systems are resilient, secure, and compliant with DORA’s stringent requirements. Whether through scenario-based testing with AWS FIS or utilising compliance frameworks like AWS Audit Manager, AWS offers a comprehensive approach to achieving operational resilience in the financial sector.