The Financial Industry Between DORA and AI – Why Speed and Regulatory Requirements Are Not Mutually Exclusive

AI is a stress test for decision-making ability

For years, the division of labor was clear: departments defined requirements, IT departments developed solutions. Processes were sequential, governance was centralized, and speed was limited by capacity and regulation. 

This model is beginning to erode. 

It is still viable, but it will eventually disappear because the framework conditions have changed. When a department can build a functioning application in a matter of days with the help of AI, implementation expertise, responsibility, and expectations shift simultaneously. Speed is no longer seen as an exception, but as the new normal. 

However, speed without a framework creates confusion. App sprawl replaces Excel sprawl. Modern interfaces conceal structural risks. Integration, logging, IAM, incident capability. All of this only becomes relevant when something goes wrong. 

AI is therefore not a tool issue. It is a maturity test. Organizations that have already struggled with agility, silos, unclear ownership, and sluggish decision-making processes will not suddenly become fluid with AI. They will become dysfunctional more quickly. Not because of the model, but because of a lack of adaptability. 

The real question is therefore not: Should departments be allowed to develop? 

But rather: How do we design the framework in which they do so?

The construction site as strategic infrastructure

Developing specialist areas is neither risky per se nor automatically progressive. The decisive factor is the framework in which it takes place.

Where this framework is lacking, new islands quickly emerge. Solutions are built quickly, often convincing from a technical point of view, but isolated in organizational terms. Integration, quality assurance, and documentation follow late. In the short term, the organization gains momentum, but in the long term, it loses overview and control.

The situation is different when the construction site is deliberately designed. Then IT sees itself not as a controlling authority, but as a designer of the infrastructure. It creates environments in which ideas can grow and defines transitions where experiments become viable solutions.

In this understanding, sandbox, stage, and production are stages of maturation. Each stage increases clarity, stability, and transparency. Development remains fast, but it remains connectable.

The construction site is therefore not a technical playground. It is strategic infrastructure.

Architecture becomes a differentiating factor

The fact that more people are involved in development means that the broader the development, the more important the supporting structures become. This greatly enhances the value of good engineering.

Architecture, clean decomposition, integration capability, and dealing with uncertainty determine whether speed has a lasting effect or only impresses in the short term. Anyone who believes that speed makes architecture irrelevant will find that it makes it existential.

The role of IT is also shifting. It is less of an exclusive producer of individual applications and increasingly a platform operator. Its value lies in designing an architecture in which others can design safely and responsibly. The department is evolving from a pure requester to a co-designer with clear responsibility for benefits, technical accuracy, and further development. Engineering is not disappearing. What is disappearing is mediocrity.

High-speed governance becomes a core competency

When generation is faster than governance, old structures collapse. Solutions emerge faster than they can be integrated, documented, or secured. Speed becomes a structural challenge.
That's why speed requires discipline. Not as a brake, but as a guide.
Fusion teams embody this new logic. Business and IT do not work in sequential handoffs, but with shared responsibility. Accountability is shared. A center of excellence creates transparency about what is being created, bundles standards, and prevents redundant parallel developments.
Governance thus loses its character as a control instrument. It becomes a benchmark. It does not slow things down, but rather accelerates them because it provides direction.

Quality is no longer a gate. It's a loop.

For a long time, organizations treated quality as a control point. At the end of a project, it was checked, approved, and released. Quality was a moment in time, clearly scheduled and neatly documented. A checklist determined whether something was “finished.”
With AI, this logic is fundamentally shifting. Systems that work probabilistically do not always deliver identical results. They respond to contexts, data, and formulations. This does not mean that they are unreliable, but that quality can no longer be conclusively determined. It changes with use.
This means that the classic gate loses its significance. Quality is now created through continuous observation. Through monitoring, feedback, and adaptation. The all-important final test is no longer necessary. Tests are evolving from formal verification to a learning tool. Reviews are no longer just a means of control, but part of an ongoing dialogue with the system.

AI is changing not only processes, but also implementation conditions.

The profound change does not lie in new tools or more efficient processes. It lies in the shifts in responsibility, influence, and decision-making authority. When departments are now able to implement changes much more independently, it not only changes processes. It changes the architecture of the organization.

Value creation occurs closer to the technical problem. Decisions are prepared where the market, customer, or risk are immediately understood. This increases speed and relevance. At the same time, it shifts the balance. The question is no longer just who develops, but who shapes the conditions for this development.

Whoever operates the platform sets standards. Whoever is responsible for the infrastructure determines the pace. Whoever structures data access shapes dependencies.

These levels have a subtle but lasting effect. Standards determine what is simple and what is complex. Infrastructure determines which ideas can scale and which will peter out. Data access regulates who is allowed to design and who has to wait. This makes technological design a strategic discipline. It is no longer just about efficiency, but about controllability. It is about whether the organization orchestrates its own development or whether it is driven by established structures, external dependencies, or internal power centers. AI acts as an accelerator in this structure. It shortens the path between idea and implementation and makes shifts visible more quickly. Where responsibilities are unclear, tensions arise. Where governance exists only formally, gray areas arise. Where platforms are strong, leverage arises. Companies that view this dynamic exclusively from an operational perspective, as a productivity gain or cost effect, are thinking too short-term. The real challenge is strategic: Who designs the guard rails? Who defines the rules of the game? And how can we prevent speed from becoming a source of new dependencies?

Those who do not ask these questions will optimize their day-to-day business but lose out in the long term in structural competition.

Integration rather than decision-making

DORA raises the level of obligation for organizations, while AI lowers the barriers to implementation. Those who think exclusively in terms of regulation will slow down innovation. Those who think exclusively in terms of technology will accumulate risks that will later prove costly.

Strategic maturity arises when both are considered together.

The future does not lie in choosing between control and speed. It lies in consciously combining the two. And now is the time to actively shape this construction site before it organizes itself.