One year on since DORA came into effect, barriers to full compliance persist. Despite its emphasis on early detection, accurate reporting, and strong data integrity, navigating legislation with over 1,000 specific requirements is no easy feat, especially given many firms continue to grapple with complex IT environments.

Balancing legacy systems with new and emerging technologies can often hinder comprehensive defence strategies, especially at a time when the threat landscape is rapidly growing more sophisticated. Fully understanding how DORA differs from other regulations, particularly its heightened focus on third-party risk and stricter incident reporting, remains an ongoing challenge. Meanwhile, a sharp rise in the use of ungoverned AI tools by employees also creates compliance risks that many organisations are yet to address.

By adopting a multi-faceted approach, organisations can not only overcome these challenges, they can gain a strategic advantage. Adopting tools that deliver full visibility across data environments enables fast, accurate incident reporting across hybrid and multi-cloud infrastructures. Embedding a strong culture of compliance, extending to third-party providers and reinforced through regular testing of response plans and continuous staff training, will be critical. Those that act proactively will not only reduce the risk of substantial penalties, but also strengthen trust, resilience, and operational continuity in an increasingly complex digital landscape.