Sovereign AI for Financial Services: On-Premises Compliance Under EU AI Act and DORA

Dual Regulatory Pressure on Financial AI

Financial institutions deploying AI systems face a regulatory landscape that few other sectors encounter. The EU AI Act establishes requirements for AI systems based on their risk classification — transparency, documentation, human oversight, data governance, and robustness. Simultaneously, the Digital Operational Resilience Act (DORA), which applies to banks, insurance companies, investment firms, payment institutions, and other financial entities, imposes strict requirements on ICT risk management, incident reporting, operational resilience testing, and third-party risk management for critical ICT service providers.

These two regulations are not contradictory, but they are not fully aligned either. An AI system in a bank must satisfy EU AI Act requirements for its risk classification while also meeting DORA's expectations for ICT risk management, operational resilience, and third-party oversight. A credit scoring model, for example, is subject to EU AI Act high-risk requirements as an AI system used in creditworthiness assessment, and simultaneously subject to DORA requirements as an ICT system that is part of the institution's critical business functions.

For financial institutions, on-premises AI deployment is not merely a preference — it is increasingly a practical necessity for meeting both regulatory frameworks while maintaining meaningful control over sensitive financial data, model behavior, and operational continuity.

Where EU AI Act and DORA Requirements Overlap and Diverge

Understanding the intersection of these two regulations is essential for designing AI systems that satisfy both without duplicating effort or creating conflicting governance structures.

ICT risk management. DORA requires financial entities to establish an ICT risk management framework that identifies, protects against, detects, responds to, and recovers from ICT-related threats. AI systems deployed on-premises are ICT assets within this framework. The EU AI Act's risk management system for high-risk AI adds AI-specific risk considerations — bias, fairness, accuracy, robustness — on top of DORA's broader ICT risk management requirements. A well-designed governance framework addresses both layers: the ICT infrastructure risks that DORA covers and the AI-specific risks that the EU AI Act introduces.

Incident reporting. Both regulations establish incident reporting obligations, but with different scopes and timelines. DORA requires financial entities to classify, report, and manage major ICT-related incidents according to defined severity criteria and timelines. The EU AI Act requires providers of high-risk AI systems to report serious incidents to market surveillance authorities. An AI system failure that affects a critical financial service may trigger reporting obligations under both regulations simultaneously. The incident response process must be designed to satisfy both — capturing AI-specific incident details (model behavior, decision accuracy, data quality issues) alongside ICT-specific details (system availability, data integrity, recovery actions).

Third-party risk management. DORA places significant emphasis on managing risks from critical ICT third-party service providers. When a financial institution uses cloud-based AI services, those providers may be designated as critical ICT third-party service providers subject to direct regulatory oversight. On-premises AI deployment reduces — though does not eliminate — third-party dependencies. The organization still depends on hardware vendors, software frameworks, and potentially pre-trained model providers, but the operational dependency on a single cloud AI provider is removed.

Operational resilience testing. DORA requires financial entities to conduct regular digital operational resilience testing, including threat-led penetration testing for significant institutions. AI systems that support critical business functions must be included in this testing scope. This means that on-premises AI infrastructure must be designed for testability — the ability to simulate failures, test failover mechanisms, validate recovery procedures, and demonstrate that the AI system can withstand adverse conditions without producing harmful outputs.

Architecture Decisions Shaped by Financial Sector Constraints

The combination of EU AI Act and DORA requirements shapes specific architecture decisions for AI systems in financial services.

Data sovereignty and residency. Financial data — customer records, transaction histories, credit assessments, risk profiles — is among the most sensitive data an organization holds. DORA's requirements for data integrity and confidentiality, combined with GDPR's data protection requirements and the EU AI Act's data governance provisions, make a strong case for keeping AI inference, training, and RAG pipelines on-premises. When prompts contain customer financial data and model responses influence financial decisions, sending that data to an external AI API creates a third-party dependency that must be governed, monitored, and reported under DORA.

Model governance and change management. Financial regulators expect robust change management for systems that affect financial decisions. Under the EU AI Act, substantial modifications to high-risk AI systems trigger re-assessment obligations. DORA requires that changes to ICT systems follow controlled change management procedures. For on-premises AI, this means implementing model deployment pipelines with approval gates, rollback capabilities, and parallel running periods. Every model update — new weights, updated prompts, modified routing rules — should follow a change management process that satisfies both the AI governance requirements and the ICT change management requirements.

Audit trail architecture. Financial services already maintains extensive audit trails for regulatory compliance. AI systems must integrate into this existing audit infrastructure while capturing AI-specific events: inference requests and responses, model version selections, confidence scores, human override decisions, and data retrieval operations in RAG pipelines. Design the audit trail to support both real-time monitoring for operational purposes and historical reconstruction for regulatory inquiries. For high-frequency AI systems — fraud detection, trading surveillance, real-time risk scoring — the volume of audit data requires careful architecture to balance completeness with storage and query performance.

High availability and recovery. DORA sets explicit expectations for business continuity and disaster recovery for critical ICT systems. AI systems supporting critical financial functions must meet the same availability and recovery standards as other critical infrastructure. On-premises AI deployments need redundant inference capacity, automated failover, and tested recovery procedures. Define recovery time objectives and recovery point objectives for each AI system based on the criticality of the business function it supports.

ICT Risk Management for AI Infrastructure Under DORA

DORA's ICT risk management framework provides a structured approach that, when extended to cover AI-specific risks, creates a comprehensive governance model for on-premises AI in financial services.

Asset identification and classification. Register every AI system as an ICT asset within the organization's ICT asset inventory. Classify each system based on the criticality of the business function it supports and its risk level under the EU AI Act. This dual classification drives decisions about governance intensity, testing frequency, and resilience requirements.

Protection and prevention. Implement security controls that address both general ICT threats and AI-specific threats. Beyond standard network security, access control, and encryption, consider AI-specific protections: prompt injection defenses, model extraction prevention, training data poisoning detection, and adversarial input filtering. On-premises deployment allows security teams to implement these controls at the infrastructure level rather than depending on a cloud provider's security posture.

Detection and monitoring. Deploy monitoring that covers both infrastructure health and AI system behavior. Track not only system availability and performance metrics but also model output quality, data drift indicators, fairness metrics, and anomaly patterns. Integrate AI monitoring into the organization's existing security operations center and SIEM infrastructure so that AI-related anomalies are treated with the same urgency as other security events.

Response and recovery. Design incident response procedures that handle AI-specific failure modes: model degradation, biased output patterns, data pipeline corruption, and adversarial attacks. Map each failure mode to a response procedure that includes containment (stopping or restricting the affected system), assessment (determining the scope and impact), remediation (fixing the underlying cause), and communication (notifying stakeholders as required by both DORA and the EU AI Act).

Consider implementing a graceful degradation strategy where AI systems that detect quality issues in their own outputs automatically fall back to simpler, more conservative models or escalate to human decision-makers rather than continuing to produce potentially unreliable outputs.

A Practical Scenario: Credit Decision AI Under Dual Regulation

Consider a mid-sized European bank deploying an on-premises AI system that assists with credit decision-making. The system uses a combination of a fine-tuned language model for analyzing unstructured financial documents and a traditional machine learning model for credit risk scoring, with a RAG pipeline that retrieves relevant internal policy documents and historical decision patterns.

Under the EU AI Act, this system is classified as high-risk because it is used for creditworthiness assessment. The bank must maintain technical documentation, implement a risk management system, ensure data governance for training and evaluation data, enable human oversight of credit decisions, maintain accuracy and robustness, and log system operations for post-market monitoring.

Under DORA, the system is an ICT asset supporting a critical business function. The bank must include it in the ICT risk management framework, ensure it meets business continuity requirements, conduct resilience testing, manage any third-party dependencies, and report major incidents affecting the system.

By deploying on-premises, the bank keeps all customer financial data — loan applications, income documents, credit histories — within its own infrastructure. The RAG pipeline retrieves internal credit policies without sending queries to external services. Model inference runs on the bank's GPU infrastructure, and all logs are stored in the bank's own audit systems. Human credit officers review AI-assisted assessments before final decisions, with their override actions logged alongside the AI's original recommendation.

This architecture satisfies both regulations while giving the bank full control over its data, its models, and its compliance evidence — a degree of control that would be significantly harder to achieve and demonstrate with cloud-based AI services.

How Sysart and VDF AI Support Sovereign AI in Financial Services

Sysart Consulting works with financial institutions to design, implement, and govern on-premises AI systems that meet the combined requirements of the EU AI Act, DORA, GDPR, and sector-specific regulations. Our consultancy approach starts with a dual-regulation gap analysis that maps the institution's current AI capabilities against both regulatory frameworks, identifies compliance gaps, and prioritizes remediation based on risk and enforcement timelines.

The VDF AI platform provides a foundation for sovereign AI deployment in financial services. With on-premises inference, private RAG, model routing, governance controls, and comprehensive audit trails, VDF AI addresses many of the architectural requirements that financial institutions face under dual regulation. Model routing allows the institution to direct sensitive financial queries to local models while using less restricted models for non-sensitive tasks — always under governance policies that compliance teams can review and approve.

Financial AI governance is not a one-time implementation. It requires continuous monitoring, periodic reassessment, and adaptation as regulations evolve, business needs change, and AI technology advances. Sysart's approach embeds governance into the operating model so that compliance is maintained through normal business operations rather than depending on periodic compliance projects. The organizations that invest in this capability now will be well positioned as both the EU AI Act and DORA enter full enforcement — not because they avoided AI, but because they deployed it responsibly.

Featured image by Eugene Lim on Unsplash.