3. Operational resilience and disaster recovery
AWS takes a comprehensive approach to these disciplines, fundamental to maintaining digital sovereignty in general and meeting regulatory requirements—such as the Digital Operational Resilience Act (DORA)—in particular.
DORA: Strengthening digital resilience
The Digital Operational Resilience Act (DORA) is a key piece of EU legislation aimed at strengthening digital resilience—primarily within the financial sector but with implications for many other industries too. As digital sovereignty becomes increasingly important, DORA effectively sets a new standard for operational resilience.
What it is
DORA is a comprehensive framework designed to ensure that organisations can withstand, respond to and recover from all types of ICT-related disruptions and threats. It covers banks, insurance companies, investment firms, and critical ICT third-party service providers.
What it mandates
- ICT Risk Management: Requires financial entities to have a robust ICT risk management framework.
- ICT Incident Reporting: Mandates standardised reporting of major ICT-related incidents.
- Digital Operational Resilience Testing: Calls for regular testing of digital resilience.
- ICT Third-Party Risk Management: Introduces an oversight framework for critical ICT third-party service providers.
Why it matters for digital sovereignty
DORA strengthens digital sovereignty by ensuring that critical financial infrastructure is resilient and secure. It reduces dependence on external service providers and enhances the EU's ability to control and protect its financial data and systems. As with GDPR, DORA is likely to influence similar regulations worldwide, potentially setting a global standard for digital operational resilience.
The comprehensive services portfolio offered by AWS addresses regulatory mandates like these, giving organisations the tools they need to achieve and maintain digital operational resilience.
Here’s an at-a-glance guide to some of the most important services involved and how they map to relevant mandates.
| Service | Description | Addresses |
| --- | --- | --- |
| AWS Resilience Hub | Manages application resilience by defining, validating, and tracking resilience goals and improvements. | ICT risk management |
| AWS Elastic Disaster Recovery | Enables fast, reliable recovery of applications, minimising downtime and data loss using affordable storage and minimal compute, ensuring data protection and continuity during recovery. | |
| AWS Security Hub | Aggregates security alerts, automates compliance checks, and prioritises issues for improved AWS security posture management. | Incident reporting |
| AWS Fault Injection Simulator | Simulates faults to test application resilience, enhancing performance and observability through controlled experiments, ensuring systems remain robust and secure under stress. | Resilience testing |
| AWS Audit Manager | Automates audit evidence collection, streamlining compliance assessments and risk management. It continuously tracks your environment against industry standards, simplifying audit preparation with ready-made reports. | Third-party risk management |
| AWS Artifact | On-demand access to a library of AWS compliance reports, certifications, and legal documents, supporting customers' audits and helping meet regulatory requirements transparently, end-to-end. | |
This integrated service ecosystem empowers organisations to build resilient infrastructures that comply with regulations like DORA while enhancing overall digital sovereignty. But to make the most of these capabilities, clients must understand how responsibilities are divided between AWS and its customers—an area of regulatory compliance and digital sovereignty that falls under the heading of the “Shared Responsibility Model.”