DORA Compliance with AWS: 7 action points to consider
Bexprt are delighted to be one of the nine global launch partners for the new AWS D-CAT (DORA Compliance Recommendation Tool).
Here we share a 7-step action plan for consideration when working on DORA compliance with AWS.
Need some background about D-CAT first? Read more about the D-CAT, the AWS DORA Compliance Recommendation Tool, here.

1. Understand & apply the AWS Shared Responsibility Model
AWS manages the security of the cloud (infrastructure, hardware, software), while customers manage the security in the cloud (data protection, configuration, access control). For Financial Service Institutions (FSIs) (aka Financial Entities (FEs)), alignment of their operations with this model will assist in meeting DORA requirements.
2. Strengthen ICT risk management & operational resilience
Leverage AWS tools like AWS Well-Architected Framework (especially the Financial Services Lens), AWS Resilience Hub, Audit Manager, and Security Hub. FSIs should build resilient architectures and conduct regular assessments to identify and mitigate ICT risks.
3. Establish comprehensive governance and business continuity plans
Use the AWS Cloud Adoption Framework and AWS Prescriptive Guidance to define roles, responsibilities, and effective control frameworks. Utilize services like AWS Backup, AWS Elastic Disaster Recovery, and AWS Fault Injection Simulator for robust business continuity and ICT response strategies.
4. Utilize AWS compliance resources for audit & regulatory alignment
The new DORA Compliance Recommendation Tool (D-CAT) is an informational solution designed by AWS to help European Union financial entities evaluate their positioning relative to DORA requirements. This structured assessment framework provides recommendations across DORA’s five key areas: ICT Risk Management, ICT Incident Management, Resilience Testing, ICT Third Party Risk Management, and Information Sharing. Through a systematic approach, D-CAT enables organizations to receive recommendations related to their DORA posture, delivering insights based on AWS services and best practices.
D-CAT supports financial service institutions by providing directional guidance to help navigate complex DORA requirements through a structured assessment process. The tool delivers informational value through gap analysis and recommendation options based on AWS best practices, helping organizations develop informed strategies for their compliance journey.
Other AWS compliance and audit tools include AWS Artifact for third-party attestations, AWS Audit Manager for automated evidence collection, and AWS Cloud Audit Academy for training to demonstrate compliance with DORA’s internal audit and oversight requirements.
5. Secure your cloud environments proactively
Implement AWS-native security tools: IAM, GuardDuty, Inspector, Shield, CloudTrail, KMS, and follow AWS’s Security Reference Architecture and Incident Response Guide. Use the Security Pillar of the Well-Architected Framework to review cloud deployments.
6. Plan for region-specific data residency & cross-border outsourcing
AWS enables FSIs to choose data residency by selecting specific AWS Regions (e.g., Spain, Frankfurt). Data will not leave the Region unless explicitly configured. This helps comply with DORA’s rules on cross-border data flow and jurisdictional compliance.
7. Prepare for continuous improvement & engagement
Follow AWS guidance in Game Days (resilience testing), Disaster Recovery simulations, and AWS Enterprise Support (for 15-min critical issue response and strategic reviews). Engage with AWS Solution Architects and AWS Partners like Bexprt specializing in DR to stay aligned with evolving DORA requirements and AWS service updates.
Closing thoughts
Want to know more about how to apply AWS best practice, and leverage the benefits of the new AWS D-CAT?
Or, have wider questions about your organisation’s approach to Resilience and Disaster Recovery?
- Bexprt specialises in Resilience, and was one of the first AWS Partners to achieve the third party audited “AWS Resilience Competency” in 2024.
- Bexprt was the first AWS partner globally to complete a commercial assessment using the new AWS D-CAT capability, and on 4th June 2025 became one of just nine D-CAT global launch partners.
- Get in touch! hello@bexprt.com
Discover more
- Deep dive into the AWS D-CAT solution page.
- Bexprt is an AWS Advanced Consulting Partner, Regional SI, AWS Reseller, with their own AI solutions over AWS and on AWS Marketplace, and an AWS differentiated Service and Solutions Partner. Discover more.
- Find Bexprt’s AI solutions and services in the AWS Marketplace, and on AWS Partner Finder
- Bexprt’s Awards: AWS Rising Star Consulting Partner MENA Award 2024, The King’s Award for Enterprise for International Trade 2024, Made in the UK Sold to the World Award.
With thanks to Cristian Critelli and Kiran Killedar at AWS for their partnership and commitment to bringing D-CAT to market.
Bexprt ◦ Your cloud business partner. hello@bexprt.com