Francesco Fontana, Enterprise Marketing and Alliances Director at Aruba S.p.A
The Digital Operational Resilience Act (DORA) has fundamentally changed how European financial institutions think about cyber risk. Since going live on 17 January 2025, it’s pushed resilience from IT teams straight into the boardroom. Technical problems are now strategic priorities.
For banks, insurers and other financial entities, DORA’s message is that you need to prove resilience, not just claim. In a sector that accounts for nearly 25% of global cyberattacks, showing you can stay operational under pressure is essential.
A regulatory necessity
It’s no secret that financial threats are on the rise. Case in point: between January 2023 and June 2024 alone, ENISA logged 488 publicly reported cyber incidents hitting European finance. Threat actors are better organized, digital environments are harder to manage and regulators are more demanding than ever.
DORA tackles this head-on. Institutions need to set up comprehensive ICT risk management frameworks, put incident reporting mechanisms in place, run regular operational resilience tests, and rigorously manage third-party ICT risks. But just ticking boxes won’t cut it. The regulation wants security and accountability woven into how organisations actually operate.
That’s where digital trust services become essential.
What digital trust actually means
Digital trust services are tools and protocols built to guarantee the authenticity, integrity and non-repudiation of digital transactions and communications. Practically speaking, they create verifiable proof that digital interactions are secure, legitimate, and haven’t been tampered with.
Take qualified digital signatures. They link documents or transactions to verified identities in ways that can’t be forged or disputed. Qualified timestamps give you immutable evidence of when specific actions occurred, creating indisputable audit trails. Qualified electronic seals confirm the origin of organisational documents and that they haven’t been altered, while S/MIME certificate-based encryption keeps sensitive data exchanges locked down.
These aren’t add-ons. Unlike reactive cybersecurity tools that kick in after threats surface, digital trust services get embedded into processes right from the start. They stop compromise before it happens.
Italy offers a good example: the country’s Posta Elettronica Certificata (PEC) system, a legally recognised certified email system, has been widely used across public and private sectors for years. Financial institutions rely on it for regulatory reporting, secure client communications, and more. It shows how digital trust can handle compliance and operational efficiency at the same time.
From compliance burden to strategic asset
DORA, or any other regulatory framework for that matter, is often considered a burden, but forward-thinking institutions are treating it as an opportunity to modernise. When you integrate trust services directly into platforms, you can automate verification, cut down on manual compliance work and ensure digital interactions meet legal and security standards without extra effort.
This approach also addresses one of DORA’s most challenging requirements: third-party risk management. As financial ecosystems grow more interconnected (spanning cloud platforms, software integrations and cross-border operations), extending secure frameworks across these interfaces becomes critical. Digital trust services provide the foundation for managing these relationships without introducing new vulnerabilities.
The most resilient organisations don’t stop at trust services. They pair them with solid infrastructure: sovereign EU-based data centres built to high reliability standards, zero-trust security models, advanced solutions like managed detection and response (MDR) and disaster recovery-as-a-service (DRaaS).
The Aruba-Asseco collaboration is a solid example of how regional cooperation expands secure infrastructure across Europe. These alliances give financial institutions a path to compliance while making the overall digital ecosystem stronger.
Building lasting resilience
DORA’s scope isn’t limited to finance. You’re seeing similar principles take hold across critical industries under NIS2: healthcare, energy and beyond. Security by design is the new normal, and digital trust is the foundation.
Financial institutions that treat digital trust as a strategic asset, something that supports every system, transaction and relationship, will be in the strongest position to handle today’s regulatory demands and tomorrow’s threats. Layered resilience strategies that combine secure infrastructure, digital trust services and continuity planning deliver more than compliance. They bring competitive differentiation and client confidence.
These days, proving resilience is about building systems that can take a hit, protect sensitive data, and keep running under pressure. That’s what DORA expects, and digital trust is how you get there.
