Skip to main content
This website uses Cookies to provide necessary site functionality and improve your experience.
By using our website, you agree to our Privacy Policy and our Cookies Policy
OK

CATEGORY:BlogPressSolutionsTech
READ TIME 3 minutes

Over the past few weeks we’ve touched on how organisations are preparing for the shifts ahead across digital, cloud and operational landscapes. As digital transformation experts specialising in integration, we’ve seen first-hand how these shifts are shaping the work being done across the sector. With the first full year of DORA approaching, it feels like the right moment to revisit what early reports told us, how organisations have responded and what the next phase of resilience maturity looks like. 

Where We Started: What the Early Evidence Told Us   

When the first wave of DORA related reports appeared in late 2024 and early 2025, they came from a mix of credible sources such as the European Banking Authority’s early implementation observations, the European Commission’s DORA impact assessment, ENISA’s work on ICT supply chain resilience and readiness studies from Deloitte, PwC and KPMG. 

Despite the different lenses, the findings were remarkably consistent:- 

Configuration data lacked structure and traceability 

The EBA emphasised that documentation quality varied widely. Many firms struggled to demonstrate a single source of truth for configurations, with outdated data sitting in legacy tools or personal drives. This was not simply an administrative issue. It limited firms’ ability to provide reliable evidence during audits or quickly reconstruct service behaviour after an incident. 

Policies were strong on paper but inconsistent in practice  

Consultancy and regulatory assessments showed that organisations’ change and incident management frameworks were generally well defined. The challenge was predictability. Under real-world conditions, especially during high pressure deployments, teams often bypassed formal steps, creating gaps in evidencing resilience and risk management. 

Inter-system dependencies were poorly documented 

ENISA’s supply chain reports highlighted that organisations often lacked full visibility of how critical services were stitched together. Many could not produce a reliable map of their internal and external dependencies. This is also something we regularly see when supporting clients’ transformation journeys, where integration complexity can hide operational risks that only surface under stress. 

These early insights formed the baseline for the work that followed. 

A Year of Change: How Organisations Have Responded  

Nearly a year in, the sector has shifted from awareness to action. What began as compliance-driven activity has evolved into broader operational and architectural maturity. 

Integration estates are being clarified and rationalised 

Early efforts focused on identifying unknown or undocumented integrations. Now, firms are moving into optimisation, removing duplication, establishing clearer ownership models and aligning integrations to critical services. This is an area where our team at arrt is particularly active, helping organisations build cleaner, more predictable and more resilient integration architectures. 

Configuration governance has become a strategic priority 

Most organisations now recognise configuration data as a core resilience asset. They have created structured repositories, introduced mandatory versioning and tightened access controls. Beyond supporting compliance, this work has directly strengthened operational reliability and reduced the likelihood of configuration drift across environments. 

Resilience by design is shifting from theory to practice 

Teams are embedding resilience earlier in solution design, cloud landing zone planning, deployment pipelines and observability practices. Integration patterns are being reviewed earlier and dependencies mapped more accurately. This reflects a shift towards long term stability rather than temporary fixes. 

AI is being deployed in targeted, practical ways 

AI is already supporting dependency analysis, anomaly detection, evidence collection and alert triage. It is not replacing teams. It is augmenting them. With DORA setting clearer expectations around monitoring and control, AI is helping reduce manual overhead while improving accuracy and responsiveness. 

The Influence Beyond Compliance 

This is where DORA’s impact becomes broader and more strategic. 

Resilience is emerging as a competitive differentiator 

Organisations that understand their integration landscapes, govern their configuration well and maintain clear dependency maps are seeing improvements in uptime, recovery times and customer experience. Resilience is becoming a genuine advantage rather than a compliance obligation. 

Stronger foundations for AI and automation 

AI relies on clean data, predictable environments and well understood service boundaries. Much of the groundwork driven by DORA, and by digital transformation partners like arrt, is helping organisations create the foundations that AI initiatives require. As a result, more firms are now ready to explore automation and AI safely. 

Cross-team alignment is becoming the norm 

DORA has created natural alignment across engineering, operations, risk, architecture and compliance functions. This cultural shift is improving delivery efficiency, strengthening communication and enabling more informed decision-making across both technical and business teams. 

Looking Ahead: The Next Phase of DORA Maturity 

With the initial foundation in place, the next year will be defined by refinement, consistency and proactive resilience. 

Sustained resilience rather than reactive remediation 

Organisations will shift from one-off fixes to continuous monitoring, ongoing evidence collection and deeper embedding of resilience into BAU activity. 

Smarter, automated integration oversight 

Dependency maps will evolve into living, automatically maintained artefacts. Integration governance will become part of standard engineering workflows rather than a separate discovery exercise. 

Service-level resilience as the core focus 

Regulators are increasingly assessing resilience at the service level. Organisations will need to demonstrate not just system stability but how processes, data, integrations and third parties collectively support critical services. 

Growing use of AI to support governance 

Expect broader adoption of tools that automate evidence generation, highlight emerging risks sooner and provide predictive insights into service behaviour. 

A stronger connection between resilience and strategic growth 

Operational resilience is becoming recognised as a prerequisite for scaling digital capability, entering new markets and adopting new technologies safely. The most successful organisations will be those that treat resilience as an enabler of transformation rather than a cost of compliance. 

If you are looking to strengthen resilience, modernise your integration estate or accelerate transformation work, we are always happy to share what we are seeing across the sector and what is working well in practice Contact Us 

1
ARTICLE:

DORA: Almost One Year On  

You may also like:

see all

request a free consultation with us.

and find out how we can harness the power of integration to improve your business.
request a consultation

follow us

subscribe for updates