DORA Compels Integration of AI Risk into Operational Resilience Frameworks

DORA Compels Integration of AI Risk into Operational Resilience Frameworks** **Key Finding:** The EU's Digital Operational Resilience Act (DORA), with its main application date of January 17, 2025, is driving financial entities to embed AI systems and their associated risks within comprehensive operational resilience and third-party ICT risk management frameworks, evidenced by recent supervisory guidance and ongoing consultations. Detailed analysis with evidence and source URLs: DORA's broad mandate for managing Information and Communication Technology (ICT) risk inherently encompasses AI systems. On **April 19, 2024**, the European Supervisory Authorities (ESAs) published the second batch of DORA's Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) for public consultation. These cover crucial areas like classifying major ICT-related incidents, policies for ICT services supporting critical functions, and criteria for assessing critical third-party ICT providers. These directly impact how financial firms manage the resilience of their AI systems and associated risks with third-party AI service providers. * **Source:** ESMA Press Release, "ESAs consult on second batch of policy products under DORA," April 19, 2024. [https://www.esma.europa.eu/press-news/esma-news/esas-consult-second-batch-policy-products-under-dora](https://www.esma.europa.eu/press-news/esma-news/esas-consult-second-batch-policy-products-under-dora) National competent authorities are also emphasizing DORA readiness. In **April 2024**, the Central Bank of Ireland highlighted DORA implementation as a key supervisory priority. This signifies that AI risk management must be integrated into broader DORA compliance programs, leading to substantial investment in ICT risk frameworks, due diligence for AI providers, enhanced incident reporting, and operational resilience testing for AI systems. * **Source:** Central Bank of Ireland Press Release, "Central Bank of Ireland publishes Dear CEO letter on the implementation of the Digital Operational Resilience Act (DORA)," April 2024. [https://www.centralbank.ie/news-media/press-releases/2024/central-bank-of-ireland-publishes-dear-ceo-letter-on-the-implementation-of-the-digital-operational-resilience-act-(dora)](https://www.centralbank.ie/news-media/press-releases/2024/central-bank-of-ireland-publishes-dear-ceo-letter-on-the-implementation-of-the-digital-operational-resilience-act-(dora))