Subnet345


DORA does not name AI. It names ICT. Agents are ICT.

The Digital Operational Resilience Act, in force January 2025, is the EU's framework for the operational resilience of the financial sector's information and communications technology. It carries no first-class AI regulatory text. It matters for AI agents in financial workflows because DORA treats AI as ICT, and the agent's actions as ICT operations. The recoverability and attributability obligations DORA places on ICT apply to every system that produces actions inside a financial entity, whatever produced them.

§ 01 The ICT framing

Five pillars. The agent ends up under all of them.

DORA organizes operational resilience into five pillars: ICT risk management, incident reporting and major-incident notifications, digital operational resilience testing, ICT third-party risk management, and information sharing. AI agents in financial workflows fall into all five by category. They are ICT systems under the first pillar, sources of incidents under the second, subjects of resilience testing under the third, often supplied by third parties under the fourth, and the substrate of cross-entity threat intelligence under the fifth.

The third-party pillar is where the framework grows teeth. The European Supervisory Authorities designated the first critical ICT third-party providers in November 2025 (the major hyperscale cloud providers appeared on that list). A financial entity remains accountable for the actions of its ICT third parties, including AI agents and the runtimes they ride on, regardless of where they execute.

DORA does not require an AI policy. It requires that an action on ICT is recoverable, reportable, and attributable. Agents are ICT.

§ 02 The evidence

Recoverable and attributable ICT operations, by construction.

The substrate makes the ICT-operation record a property of the action. Every agent action is attributed to a specific agent under a specific policy you write, and hash-chained into a tamper-evident audit trail kept inside your boundary. Recoverability and attributability are obligations the substrate satisfies by construction.

Which agent acted on which ICT operation, under which authorized policy
    Without the substrate: Reconstructed from logs, if at all
    With the substrate: Attributed at the moment of action

What was reportable as a major incident, and who escalated it
    Without the substrate: Inferred from notification timestamps
    With the substrate: The detection, the policy, and the escalation path, on the record

What the agent was refused, and how the third-party risk control caught it
    Without the substrate: Refusals not durably captured
    With the substrate: Every refusal recorded as an attributable event

Keep the record where a competent authority can interrogate it
    Without the substrate: Ships to a third-party cloud, with caveats
    With the substrate: Retained inside your boundary, on your retention schedule

This material is informational, not legal or regulatory advice. DORA is enforced by EU Member State competent authorities and the European Supervisory Authorities; obligations depend on entity classification, ICT third-party designations, and incident severity. The substrate produces the record; it does not by itself make a financial entity compliant. Assess your specific obligations with qualified EU financial-services counsel.

§ 03 Questions

DORA and AI agents, answered.

Does DORA carry AI-specific provisions?

No, not as first-class regulatory text. DORA frames operational resilience for the financial sector around ICT, not around AI as a category. It bears on AI agents because AI agents in financial workflows are ICT, and the agent's actions are ICT operations. The recoverability and attributability obligations DORA places on ICT apply to whatever produces actions inside a financial entity.

How does the ICT third-party pillar matter for AI agents?

A financial entity remains accountable for the actions of its ICT third parties under DORA, including AI agents and the runtimes they ride on, regardless of where they execute. The European Supervisory Authorities designated the first critical ICT third-party providers in November 2025 (the major hyperscale cloud providers appeared on that list). When an AI agent runs on a third-party runtime, the third-party risk management framework applies; the financial entity has to evidence the agent's actions either way.

What does the substrate produce against DORA's ICT-operation obligations?

Every agent action against a financial-services system is attributed to a specific agent under a specific policy you write, hash-chained into a tamper-evident audit trail kept inside your boundary. Refusals, escalations, incidents, and approvals are recorded as durable events alongside actions. The record is what a competent authority reviews; it is also what an operational-resilience exercise reconstructs from.
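The record described in § 02 and in the answer above is, mechanically, a hash-chained event log with attribution fields. The following is an added illustration, not the substrate's own code or record format: a minimal Python audit trail in which every event (action, refusal, escalation, approval) names the agent, the policy it acted under and the ICT operation, and is chained to its predecessor by SHA-256. The agent, policy and operation names are constructed. What it adds to the text is the check a reviewer or a resilience exercise actually runs (`verify` locates the first broken link) and a caveat: a bare hash chain detects edits and deletions in the middle, but not truncation at the tail unless the latest hash is anchored somewhere outside the log.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import List, Optional

GENESIS = "0" * 64  # chain anchor for the first event


def canonical(payload: dict) -> bytes:
    # Deterministic serialization so the same event always hashes the same way.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class AuditEvent:
    seq: int
    kind: str        # "action", "refusal", "escalation" or "approval"
    agent_id: str    # which agent acted
    policy_id: str   # under which authorized policy
    operation: str   # which ICT operation
    detail: str
    prev_hash: str   # digest of the preceding event (GENESIS for the first)
    digest: str = ""

    def compute_digest(self) -> str:
        body = asdict(self)
        body.pop("digest")
        return hashlib.sha256(canonical(body)).hexdigest()


class AuditTrail:
    def __init__(self) -> None:
        self.events: List[AuditEvent] = []

    def record(self, kind: str, agent_id: str, policy_id: str,
               operation: str, detail: str) -> AuditEvent:
        prev = self.events[-1].digest if self.events else GENESIS
        ev = AuditEvent(len(self.events), kind, agent_id, policy_id,
                        operation, detail, prev)
        ev.digest = ev.compute_digest()
        self.events.append(ev)
        return ev

    def head(self) -> str:
        # The value to anchor outside the log (e.g. a signed checkpoint).
        return self.events[-1].digest if self.events else GENESIS

    def verify(self, expected_head: Optional[str] = None) -> Optional[int]:
        """Return the seq of the first broken link, or None if the chain is intact.
        Pass the last digest you anchored elsewhere as expected_head to also
        catch truncation at the tail, which the chain alone cannot see."""
        prev = GENESIS
        for i, ev in enumerate(self.events):
            if ev.seq != i or ev.prev_hash != prev or ev.digest != ev.compute_digest():
                return i
            prev = ev.digest
        if expected_head is not None and prev != expected_head:
            return len(self.events)
        return None

    def by_agent(self, agent_id: str) -> List[AuditEvent]:
        return [e for e in self.events if e.agent_id == agent_id]

    def refusals(self) -> List[AuditEvent]:
        return [e for e in self.events if e.kind == "refusal"]


def build_sample_trail() -> AuditTrail:
    # Constructed sample events; agent, policy and operation names are invented.
    t = AuditTrail()
    t.record("action", "payments-agent-07", "pay-limits-v3", "sepa.transfer",
             "EUR 4,200 to IBAN ****1234, within single-transfer limit")
    t.record("refusal", "payments-agent-07", "pay-limits-v3", "sepa.transfer",
             "EUR 95,000 exceeds single-transfer limit; refused by policy")
    t.record("escalation", "payments-agent-07", "pay-limits-v3", "sepa.transfer",
             "refused transfer escalated to treasury-ops on-call")
    t.record("approval", "treasury-ops:jdoe", "pay-limits-v3", "sepa.transfer",
             "manual approval after four-eyes review")
    return t


def tamper_demo() -> dict:
    """What verify() catches: an in-place edit, a spliced-out record, and a
    truncated tail (the last only when the head digest was anchored)."""
    intact = build_sample_trail()
    anchored_head = intact.head()

    edited = build_sample_trail()
    edited.events[1].detail = "EUR 95,000 approved"   # rewrite a refusal

    spliced = build_sample_trail()
    del spliced.events[2]                              # drop the escalation

    truncated = build_sample_trail()
    truncated.events.pop()                             # drop the approval

    return {
        "intact": intact.verify(anchored_head),
        "edited": edited.verify(),
        "spliced": spliced.verify(),
        "truncated_unanchored": truncated.verify(),
        "truncated_anchored": truncated.verify(anchored_head),
    }


if __name__ == "__main__":
    print(tamper_demo())
```

The design point is the last dictionary entry: `truncated_unanchored` verifies clean, because dropping the final record leaves a perfectly consistent shorter chain. Retaining the trail inside your own boundary is necessary but not sufficient; the head digest has to be committed somewhere the log writer cannot rewrite (a signed checkpoint, a separate store, a counterparty) for the chain to evidence completeness as well as integrity.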

Is this legal or regulatory advice?

No. This material is informational. DORA is enforced by EU Member State competent authorities and the European Supervisory Authorities; obligations depend on entity classification and ICT third-party designations. The substrate produces the record; it does not by itself make a financial entity compliant. Assess your specific obligations with qualified EU financial-services counsel.

When a competent authority asks for the trail, can you produce it?