What are the biggest challenges organisations face with DORA, CRA, NIS2 and AI Act compliance?
One of the biggest challenges in cybersecurity compliance is translating regulatory requirements into a clear operating model with defined ownership, effective controls and reliable evidence. Many organisations also face overlapping obligations across DORA, the Cyber Resilience Act (CRA), NIS2 and the AI Act, alongside growing pressure to manage third-party risk, incident reporting and documentation across business, technology, legal and procurement teams.
How can organisations assess whether their cybersecurity posture meets regulatory requirements?
The first step is to define the scope and identify the regulatory requirements that apply to your organisation. A structured cybersecurity compliance assessment should benchmark your controls against relevant frameworks and test governance, incident response, cyber resilience, supplier oversight, recovery capabilities and the evidence supporting those controls. This helps organisations understand gaps and prioritise remediation.
How should organisations prepare for DORA and other resilience-focused cyber regulations?
The most effective approach is to build a single resilience programme that covers governance, risk management, testing, incident handling, supplier controls and evidence collection. Preparing for DORA compliance or similar resilience-focused regulations requires clear ownership, stronger controls, regular testing and up-to-date documentation that can support regulatory review and strengthen long-term cyber resilience.