DORA Regulation - Monitoring & Observability for Compliance
Key takeaways
- The DORA Regulation (Digital Operational Resilience Act) is the European Union’s new regulatory framework designed to create clear, consistent rules for the security of network and information systems of companies and organisations in the financial sector.
- These requirements apply to all of the countries comprising the EU, with the main goal of preventing and mitigating cyber threats. This means that banks, insurance companies, investment firms, and other financial entities need to make sure they can withstand, respond to, and recover from all types of ICT-related disruptions and threats.
- The regulation entered into force on 16 January 2023 and applies to 20 different types of financial entities and ICT third-party service providers.
The Five Core Pillars of DORA
DORA is structured around five key pillars that together form the foundation of digital resilience in the financial sector:
- ICT risk management – organizations must systematically identify, assess, and manage technology-related risks.
- Digital operational resilience testing – institutions are required to regularly test their systems’ ability to withstand cyber threats and operational disruptions.
- Third-party risk management – risks related to external ICT service providers must be incorporated into overall risk management frameworks.
- ICT incident reporting – significant incidents must be reported quickly and comprehensively to supervisory authorities.
- Information sharing – effective and transparent communication between authorities and financial entities is essential to strengthen collective resilience.
DORA is applicable for the entire financial sector. Banks, insurance companies, and investment firms must now take a hard look at their operating models. Are current systems resilient enough for today’s digital threats? Is cybersecurity truly at an adequate level? Are operational processes prepared for disruption scenarios? Now is the time to invest in cybersecurity strategies and operating models that do not collapse at the first sign of disruption.
What Is the DORA Regulation and Who Does It Apply To?
The DORA Regulation applies to more than 22,000 organizations across the EU, not only large financial institutions. Covered entities include banks, investment firms, payment institutions, and InsurTech providers.
DORA is a legally binding framework, not a recommendation. It obliges organizations to develop their technical and operational cybersecurity capabilities in a structured and consistent way. As the regulation states, serious ICT-related breaches occurring in the financial sector not only affect financial entities themselves but also increase the risk of spreading local vulnerabilities across all channels of financial impact and potentially trigger negative consequences for the stability of the EU financial system.
Scope Across the Financial and ICT Sectors
DORA covers a broad range of financial entities – around 20 categories in total – including traditional banks, investment funds, payment institutions, and crypto-asset service providers. Importantly, ICT service providers used by these entities also fall within the scope of the regulation.
This means that technology partners supporting the financial sector must reassess their own cybersecurity practices. DORA follows the principle of proportionality, meaning requirements scale according to an organization’s size, risk profile, and operational complexity. Smaller entities are not expected to meet the same standards as systemically critical institutions, but cybersecurity is a shared responsibility across the entire sector.
DORA, ISO 27001, PSD2 & PSD3 and Other EU Regulations
DORA complements rather than replaces ISO 27001. While ISO 27001 focuses on information security management systems and documentation, DORA is about staying resilient as a financial institution. Organizations already certified under ISO 27001 often need to enhance their practices to fully meet DORA requirements.
While DORA focuses on resilience, PSD focuses on the business of payments. The Payment Services Directive 2 (PSD2) establishes the regulatory framework for payment institutions, including those providing services related to open banking. Its main objectives are to ensure transparency in the conditions and information requirements for payment services, define the rights and obligations of both payment service users and providers, and safeguard consumers’ financial data. PSD3 would update and clarify the provisions relating to payment institutions, and integrate e-money institutions as a sub-category of payment institutions.
DORA also aligns with the Digital Finance Package and complements the NIS2 Directive. While NIS2 establishes a broad cybersecurity framework across multiple critical sectors, DORA provides deep, sector-specific requirements for financial services. Together, they form a coherent and mutually reinforcing regulatory ecosystem.
| Feature | ISO 27001 | NIS2 | DORA |
|---|---|---|---|
| Nature | International Standard | EU Directive | EU Regulation |
| Scope | Any Industry | Multiple Critical Sectors | Financial Sector & ICT Providers |
| Focus | Management & Process | Overall Cybersecurity | Operational Resilience & Testing |
| Enforcement | Certification Bodies | National Authorities | Financial Supervisors (ESAs) |
How do observability and monitoring align with DORA?
The end goal of DORA is to make the IT architecture of financial institutions more resilient to upcoming threats and keep customers’ data safe.
Financial institutions are primary targets for activities that disrupt the economy and harm individuals. To remain compliant and resilient, banks must actively prevent three critical scenarios – fraud, money laundering, and sanction violations.
The Power of Log Data
Every single transaction, payment, and transfer leaves a digital footprint in a bank’s back-end system. This log data is one of the pillars of security (and observability). Because regulations often require banks to retain this data for up to seven years, there is a massive historical record available for analysis.
Under DORA, this log data becomes even more vital, as it provides insights into how systems are operating, making it a cornerstone of operational resilience.
The challenges
The difficulty isn’t a lack of data, but its volume. Payment traffic is so heavy that it requires scalable systems whose detection logic is kept up to date. Identifying a single criminal act among millions of legitimate daily transactions requires a system that is both incredibly fast and constantly updated.
Why are modern tools necessary in such cases?
- Data analysis – These solutions are designed to handle high-volume data streams in real time, helping teams analyze logs, metrics, and traces, even in complex, dynamic environments.
- Proactive insights – Rather than focusing solely on retrospective reporting, these solutions help teams to identify and resolve issues as they arise, with real-time monitoring and intelligent alerts.
The financial sector is highly regulated, with banks being subject to extensive regulation. It is crucial for banks to be able to demonstrate that their services can be trusted and that customers’ money is secure. As the largest payment processors, banks must be able to react in real time, and observability is the best way to achieve this.
Observability solutions - How do they work?
Under the Digital Operational Resilience Act (DORA), financial institutions must maintain clear visibility into how their systems operate and be able to respond quickly when something goes wrong. Observability solutions help achieve this by collecting operational data from across the IT environment and turning it into information that can be analyzed and acted upon.
Modern technical solutions and observability platforms allow log data to be correlated in real time between multiple sources and systems. Abnormal behaviour and other predefined patterns are extracted from this data, and based on these, we can alert different parties and/or trigger automation. Automation can interrupt or even prevent events before they materialise. Additionally, the root cause can be further analysed, enabling banks to develop their own response strategies.
The thresholds
Once the data is collected, it becomes possible to define thresholds and indicators that signal when something unusual occurs. These thresholds help teams recognize when system behaviour moves outside of normal ranges. Instead of relying only on manual checks, monitoring systems continuously watch these indicators and raise alerts when values become alarming. This allows teams to react early, before issues grow into larger incidents that could affect services or security.
Understanding the cause and effect
Observability also helps move from simple correlation toward understanding cause and effect. It is one thing to see that several systems are reporting unusual activity at the same time, but it is far more valuable to understand what triggered the change and how it spreads through the environment. With the right visibility, teams can trace events across systems and identify the root cause of problems more quickly. This supports faster investigations and helps prevent similar incidents in the future.
Detect anomalies and respond in real time
Another key aspect is reacting to changes in real time. Financial systems operate continuously, and abnormal behaviour can appear suddenly. Observability solutions allow teams to detect and respond to changing values as they happen, rather than discovering issues long after they occur. This timely response is essential for maintaining operational resilience, which is one of the core objectives of DORA.
Automation and AI
Automation can further strengthen this process. When predefined conditions are met, automated workflows can trigger alerts, initiate investigations, or even take preventive actions. In environments that process huge volumes of data, intelligent automation can also help analysts focus on the most relevant signals instead of manually reviewing thousands of events. This reduces the workload on teams and allows experts to concentrate on improving detection methods and operational processes.
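The threshold, correlation and alerting flow described in the sections above, as an added example that is not part of the original article and not WeAre's or Splunk's code: it parses constructed payment log lines (the log format, field names and values are assumptions), computes a per-minute failure-rate indicator, and raises an alert only when the rate crosses a threshold on a minimum sample size, so that one failed transaction in a quiet minute does not page anyone. Each alert also records which source systems and failure reasons contributed, which is the correlation step that points investigators toward a root cause.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not from any real bank system): one payment event per line.
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z src=core-banking txn=t1 status=OK
2024-03-01T10:00:05Z src=core-banking txn=t2 status=OK
2024-03-01T10:00:09Z src=gateway txn=t3 status=OK
2024-03-01T10:00:40Z src=gateway txn=t4 status=FAILED reason=timeout
2024-03-01T10:01:02Z src=core-banking txn=t5 status=FAILED reason=timeout
2024-03-01T10:01:10Z src=gateway txn=t6 status=FAILED reason=timeout
2024-03-01T10:01:15Z src=gateway txn=t7 status=FAILED reason=timeout
2024-03-01T10:01:30Z src=core-banking txn=t8 status=OK
2024-03-01T10:02:00Z src=gateway txn=t9 status=FAILED reason=declined
"""

# Assumed log format: ISO timestamp, then key=value fields. The minute is captured as the bucket key.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d):\d\dZ src=(?P<src>\S+) txn=\S+ "
    r"status=(?P<status>\S+)(?: reason=(?P<reason>\S+))?$"
)

def parse_events(text):
    """Turn raw lines into dicts; malformed lines are counted rather than silently dropped,
    because a rising malformed count is itself a signal worth monitoring."""
    events, malformed = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
        elif line.strip():
            malformed += 1
    return events, malformed

def failure_rate_alerts(events, threshold=0.5, min_events=3):
    """Per-minute failure-rate indicator. An alert fires only when the bucket holds
    at least min_events transactions and the failed share reaches the threshold."""
    by_minute = defaultdict(list)
    for ev in events:
        by_minute[ev["ts"]].append(ev)
    alerts = []
    for minute in sorted(by_minute):
        bucket = by_minute[minute]
        failed = [e for e in bucket if e["status"] == "FAILED"]
        rate = len(failed) / len(bucket)
        if len(bucket) >= min_events and rate >= threshold:
            alerts.append({
                "minute": minute,
                "failure_rate": round(rate, 2),
                "sources": sorted({e["src"] for e in failed}),          # affected systems
                "reasons": dict(Counter(e["reason"] for e in failed)),  # first root-cause hint
            })
    return alerts

if __name__ == "__main__":
    evts, bad = parse_events(SAMPLE_LOGS)
    for alert in failure_rate_alerts(evts):
        print("ALERT", alert)
```

On the sample data only the 10:01 minute alerts (three of four transactions failed across both sources, all timeouts); the lone failure at 10:02 stays below the minimum sample size.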
In this way, observability solutions support financial institutions in building the level of operational visibility and responsiveness that DORA expects. Collecting and correlating data, detecting abnormal behaviour, and enabling timely responses are the essential elements of ICT compliance.
Summary
DORA is an opportunity to build a stronger, more secure, and more resilient digital operating environment. Preparation requires a phased, organization-wide approach that includes technology upgrades, process redesign, staff training, and careful review of supplier contracts.
The key question is not whether you will comply with DORA, but how strategically you will use the remaining time. Organizations that act now can go beyond compliance and turn digital resilience into a lasting competitive advantage. Splunk is one of the industry leading solutions that can help prevent incidents and stay resilient. Contact us for a free observability and Splunk consultation.
About WeAre
WeAre Solutions Oy is a Finnish observability consultancy and Splunk partner that helps organizations improve visibility, monitoring, and operational resilience in complex digital environments. WeAre has worked with financial-sector organizations to strengthen the use of logs, improve system insight, and support the practical capabilities needed in highly regulated environments. For institutions preparing for or advancing DORA-related resilience work, observability plays an important role in detecting abnormal behaviour, accelerating response, and building confidence in day-to-day operations. If you are assessing how your monitoring, observability, or log management approach supports DORA, WeAre can help you identify the right next steps. Get in touch today.
