When the Digital Operational Resilience Act (DORA) took effect earlier this year, it signaled a new era of digital resilience for financial organizations operating in the EU—one where compliance must be architected, tested, and demonstrable, not just documented.
After years of preparation, many institutions exhaled once their policies were filed and boxes checked. But the hardest part started afterward: proving resilience under pressure. According to recent research, 96% of European financial services organizations say their data resilience still falls short of what’s needed to meet DORA requirements (Veeam, 2025).
The Post-Deadline Reality: Proof, Not Paperwork
DORA and its broader counterpart NIS2 are reshaping how enterprises define operational resilience and network security—and exposing a new challenge: demonstrating that critical operations can withstand risk and recover quickly.
DORA, which applies to EU-based financial institutions and their ICT (Information and Communication Technology) service providers globally, establishes a uniform regulatory framework for digital resilience. NIS2, applies to other essential sectors—such as energy, healthcare, transport, and public administration—broadening the EU’s cybersecurity baseline. Together, they represent a coordinated push toward measurable resilience across the entire digital economy.
As enforcement begins, organizations are realizing that compliance is no longer a paperwork exercise. Regulators and boards now expect evidence of control—real-time visibility, segmentation, encryption, and tested recovery across every cloud and dependency.
For global enterprises, common gaps include:
Fragmented visibility across regions and clouds
Inconsistent encryption and segmentation controls
Manual audit processes that can’t scale
Limited ability to test or prove failover and recovery
The result: a widening gap between stated compliance and provable resilience.
“DORA has changed the conversation from documentation to demonstration,” says Cristian Critelli, EMEA Lead Networking & Resilience Specialist Partner Solution Architect at AWS. “Resilience must now be measurable and continuously verified.”
Better Together: Bridging Cloud Foundation + Network Control
Proving resilience requires coordination across the cloud stack—from the underlying infrastructure to the network fabric that connects it all.
AWS provides the foundation of resilient cloud infrastructure—built-in availability, encryption services, and compliance-ready architectures that enable operational continuity.
Aviatrix extends that foundation with a secure, unified multicloud network fabric delivering consistent high performance encryption, segmentation, and visibility across environments—closing the operational gaps auditors now examine most.
Together, AWS and Aviatrix help enterprises move beyond checklist compliance to continuous, auditable resilience that can be proven in real time.
“Resilience isn’t static,” notes Frey Khademi, Senior Partner Manager at Aviatrix. “By combining AWS’s cloud foundation with Aviatrix’s network fabric, organizations gain the visibility and control to make compliance sustainable.”
DORA in Practice: What Enterprises Are Learning
While DORA formally applies to financial institutions and their ICT service providers, its principles are increasingly cited as a blueprint for digital-resilience frameworks in other sectors—such as technology, healthcare and energy.
According to PwC’s Global Compliance Survey 2025, nearly 90% of organizations say their compliance responsibilities have expanded significantly in the past three years (PwC, 2025). This surge reflects how frameworks like DORA and NIS2 are reshaping enterprise expectations for risk management, audit readiness, and operational resilience across industries.
Across sectors, leaders are drawing the same lessons:
Visibility Is Non-Negotiable – You can’t prove what you can’t see. End-to-end observability across clouds and networks is essential for demonstrating control.
Segmentation Is the New Firewall – Dynamic segmentation and line-rate encryption are now baseline requirements for protecting workloads and limiting blast radius.
Testing and Evidence Outweigh Assumptions – Regular resilience testing and audit trails are becoming the new standard for readiness.
Partnerships Accelerate Assurance – Aligning cloud and network expertise enables faster closure of compliance gaps and sustained resilience.
Introducing the DORA Compliance Recommendation Tool (D-CAT)
To help organizations benchmark readiness, AWS developed the DORA Compliance Recommendation Tool (D-CAT)—a practical framework for assessing resilience across DORA’s five pillars. Aviatrix enhances this effort with advanced networking and observability capabilities that strengthen customers’ operational resilience journeys.
D-CAT helps compliance, risk, and infrastructure teams:
Benchmark current resilience against DORA requirements
Identify visibility, encryption, and recovery gaps
Prioritize next steps for enforcement readiness
“D-CAT translates regulation into action,” says Kiran Killedar of AWS. “It connects infrastructure resilience with the operational proof auditors need.”
Business Benefits: Turning Compliance into Advantage
For organizations that go beyond minimal compliance, the return extends well past risk mitigation. Adopting DORA-aligned practices delivers measurable advantages across four dimensions:
Operational Resilience: Unified visibility and network control reduce downtime and improve recovery time objectives (RTOs).
Risk Management: Proactive testing and segmentation shrink the blast radius of potential incidents and simplify investigations.
Competitive Differentiation: Early compliance readiness and demonstrable resilience can strengthen bids, partnerships, and customer trust.
Audit Efficiency: Automated observability and consistent encryption lower the cost and complexity of meeting regulatory reporting requirements.
AWS and Aviatrix customers are already leveraging these benefits—simplifying compliance workflows while enhancing overall business continuity and stakeholder confidence.
From Mandate to Mindset
Building on DORA’s principle that resilience must be continuous and demonstrable, AWS and Aviatrix are helping enterprises turn compliance pressure into confidence. The goal isn’t just avoiding penalties—it’s building resilience that earns trust from customers, partners, and regulators.
“True operational resilience happens when infrastructure and network teams share a common language—and a common goal,” says Khademi.
Learn more about why everyone should care about DORA and how to create a roadmap for DORA compliance.
