Quick Answer: DORA Article 28 requires financial entities to monitor ICT third-party risk "continuously." If your AI inference provider hosts in California, you're signing a DPA that conflicts with EU data residency. VoltageGPU's Compliance Officer agent runs on Intel TDX H200s in Frankfurt for $349/mo — GDPR Art. 25 native, zero data retention, hardware attestation.
TL;DR: I spent 11 weeks on a DORA ICT third-party risk assessment. Failed at the final gate because our contract review AI sent client portfolio data to OpenAI's US servers. Re-audit cost: €47,000. Alternative infrastructure cost: $0.15 per 1K tokens.
A portfolio manager at a Luxembourg UCITS fund just got her DORA audit delayed 8 months. The reason? Her compliance team couldn't prove where the AI processed client transaction data. The provider's DPA said "reasonable efforts." DORA doesn't accept reasonable efforts.
That's the gap nobody talks about. DORA went live January 17, 2025. Financial entities have until January 17, 2026 to prove ICT third-party resilience. Most are still running compliance AI on infrastructure that violates their own risk register.
What DORA Actually Requires for AI Vendors
DORA isn't vague. Article 28(3) mandates "continuous monitoring of ICT third-party risk." Article 29 requires "exit strategies" — you must be able to terminate without operational disruption. Article 30 forces "register of information" including sub-processing locations.
Here's the problem: ChatGPT Enterprise, Claude, and most API inference providers process in US regions. Their DPAs permit "service improvement" data use. DORA's Joint Supervisory Authorities explicitly flagged this in Q3 2024 guidance: financial entities must verify data location and access controls, not just contractual promises.
I learned this the expensive way.
My 11-Week Audit Failure (Personal)
We were reviewing 340 fund subscription agreements for a Maltese AIFM. Used a well-known AI contract tool — $1,200/seat, big name, SOC 2 Type II on the website. Week 9 of the ICT risk assessment, the auditor asked: "Where does the model inference occur?" The vendor's answer: "Primarily us-east-1 and us-west-2, with failover to ap-southeast-1." No EU option. No hardware encryption. Their DPA referenced "industry-standard protections."
The auditor stopped the clock. We needed 6 additional weeks of legal review, a separate data transfer impact assessment, and ultimately a second vendor. Total cost: €47,000 in fees, plus 3 months of delayed reporting.
The kicker? The AI analysis itself was excellent. The infrastructure was the single point of failure.
The Technical Gap: Software vs. Hardware Trust
Most AI compliance tools promise "enterprise security." Read the fine print. It's software-level: TLS in transit, AES at rest, role-based access. DORA's ICT risk framework requires more — you must demonstrate resilience against provider compromise, not just customer error.
Intel TDX (Trust Domain Extensions) changes this. The CPU itself encrypts RAM during execution. The hypervisor can't read it. We can't read it. The cloud operator can't read it. You get a hardware-signed attestation proving your data ran in a genuine enclave.
```python
from openai import OpenAI

# The confidential endpoint is OpenAI-API compatible, so the stock client works.
client = OpenAI(
    base_url="https://api.voltagegpu.com/v1/confidential",
    api_key="vgpu_YOUR_KEY",  # replace with your own key
)

# DORA ICT risk register entry. This request only submits the review prompt;
# the hardware attestation check (the /attest endpoint described after this
# block) is a separate call you make before each batch.
response = client.chat.completions.create(
    model="compliance-officer",
    messages=[{
        "role": "user",
        "content": "Review this ICT third-party risk register entry for DORA Article 28 compliance: [fund subscription agreement]",
    }],
)
print(response.choices[0].message.content)
```
The /attest endpoint returns a quote signed by the CPU's attestation key. Your auditor can verify the signature chain against Intel's root certificate. That's not "reasonable efforts." That's cryptographic proof.
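What "verify it" means in practice, as an added example that is not part of the original post and not VoltageGPU's /attest format: the policy checks a verifier applies to a quote once its signature is good. The quote layout, the field names (borrowed from TDX report fields: mrtd, report_data, tcb_date), the allow-listed measurement and the freshness window are all assumptions of this example, and a keyed HMAC stands in for the ECDSA signature chain that a real TDX quote carries and that a verifier would check against Intel's root certificate (for example with Intel's DCAP quote verification library). The point the code makes is that a valid signature alone is not enough: the measurement must match the enclave image you reviewed, the quote must be bound to a nonce you chose so it cannot be replayed, and the platform TCB must be current.

```python
import hashlib
import hmac
import json
import time
from typing import List, Optional

# Constructed verifier policy. In production these values are pinned from the
# enclave image you reviewed, never taken from the provider at run time.
EXPECTED_MRTD = "a1" * 48          # constructed 48-byte measurement, hex
MIN_TCB_DATE = "2024-06-01"        # oldest acceptable platform TCB date (ISO, so string compare works)
MAX_QUOTE_AGE_S = 300              # reject quotes older than five minutes

# Assumption: a keyed HMAC stands in for the ECDSA signature chain of a real
# TDX quote, which would be verified against Intel's root certificate instead.
DEMO_ATTESTATION_KEY = b"constructed-demo-key"


def _canonical(body: dict) -> bytes:
    # Deterministic serialisation so signer and verifier hash the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_quote(body: dict) -> dict:
    """Stand-in for what the trust domain does with its hardware attestation key."""
    sig = hmac.new(DEMO_ATTESTATION_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "signature": sig}


def make_quote(nonce: bytes, mrtd: str = EXPECTED_MRTD,
               tcb_date: str = "2024-12-01", issued_at: Optional[int] = None) -> dict:
    """Build a constructed quote; report_data binds it to the caller's nonce."""
    body = {
        "mrtd": mrtd,
        "report_data": hashlib.sha512(nonce).hexdigest(),
        "tcb_date": tcb_date,
        "issued_at": int(time.time()) if issued_at is None else issued_at,
    }
    return sign_quote(body)


def tampered_quote(nonce: bytes) -> dict:
    """A quote whose measurement was edited after signing (signature no longer matches)."""
    quote = make_quote(nonce)
    quote["body"]["mrtd"] = "b2" * 48
    return quote


def verify_quote(quote: dict, nonce: bytes, now: Optional[int] = None) -> List[str]:
    """Return the policy failures for a quote; an empty list means accept."""
    body = quote["body"]
    expected = hmac.new(DEMO_ATTESTATION_KEY, _canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, quote["signature"]):
        return ["signature"]            # nothing else in the quote can be trusted
    failures = []
    if body["mrtd"] != EXPECTED_MRTD:
        failures.append("measurement")  # not the enclave image you reviewed
    if body["report_data"] != hashlib.sha512(nonce).hexdigest():
        failures.append("nonce")        # replayed, or issued for someone else's session
    if body["tcb_date"] < MIN_TCB_DATE:
        failures.append("tcb")          # platform firmware below your floor
    now = int(time.time()) if now is None else now
    if now - body["issued_at"] > MAX_QUOTE_AGE_S:
        failures.append("stale")
    return failures


if __name__ == "__main__":
    nonce = b"per-batch-random-nonce"   # constructed; use os.urandom(32) in practice
    print("good quote:", verify_quote(make_quote(nonce), nonce))
    print("tampered quote:", verify_quote(tampered_quote(nonce), nonce))
    print("replayed quote:", verify_quote(make_quote(b"old-nonce"), nonce))
```

Store the nonce, the quote and the verification result alongside each batch in the register evidence trail; that record is what an auditor can re-check later, rather than a screenshot of a vendor dashboard.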
Real Numbers: Compliance Infrastructure Costs
I pulled live pricing for equivalent GPU tiers. DORA doesn't mandate specific hardware, but Article 28's "continuous monitoring" implies you need consistent performance — you can't have variable latency breaking SLA commitments to national regulators.
| Provider | GPU | EU Location | Hardware Encryption | Cost/Hour | DORA-Ready Register |
|---|---|---|---|---|---|
| Azure Confidential H100 | H100 80GB | Yes (West Europe) | Intel TDX | $14.00 | DIY — 6+ months setup |
| VoltageGPU TDX H200 | H200 141GB | Frankfurt | Intel TDX | $4.935 | Pre-built Compliance Officer agent |
| RunPod A100 | A100 80GB | No | None | ~$1.64 | No attestation, no DPA |
| AWS A100 | A100 80GB | Yes (Frankfurt) | None | $3.43 | Standard DPA, no hardware seal |
VoltageGPU loses on raw GPU compute vs. RunPod. RunPod's A100 is cheaper for training workloads that don't need encryption. For DORA ICT risk compliance, that comparison is irrelevant — you need attestation and EU residency, not just FLOPS.
What the Compliance Officer Agent Actually Checks
We built this with a former BNP Paribas risk officer. It doesn't just "analyze" documents — it structures output for DORA's specific register fields:
- ICT service criticality classification (Article 28(1))
- Sub-processor chain mapping (Article 30(2)(e))
- Exit strategy timeline with alternative provider identification (Article 29)
- Concentration risk flag (Article 31 — if >10% of critical functions depend on one provider)
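The four register checks above, turned into code as an added example (not the Compliance Officer agent's own logic): a small register in the shape those fields imply, with criticality classification against the entity's list of critical functions, a sub-processor residency check, an exit-strategy check, and the Article 31 concentration test using the >10% threshold stated above. The register entries, provider names, function names and the partial EU/EEA country set are constructed for this example.

```python
from collections import defaultdict

# Constructed sample data: the function names, providers, entries and the
# partial EU/EEA set below are invented for this example.
EU_EEA = {"AT", "BE", "DE", "ES", "FR", "IE", "IT", "LU", "MT", "NL"}  # partial; extend for your entity

# Article 28(1): the entity's own list of critical or important functions.
CRITICAL_FUNCTIONS = {f"fn-{i:02d}" for i in range(1, 13)}   # twelve functions, constructed

REGISTER = [
    {"service": "Contract review AI", "provider": "VendorA",
     "functions": ["fn-01", "fn-02", "fn-03"],
     "sub_processors": [("VendorA Inference", "US"), ("CloudX", "US")],
     "exit_days": 90},
    {"service": "Transaction monitoring", "provider": "VendorB",
     "functions": ["fn-04"],
     "sub_processors": [("VendorB EU", "DE")],
     "exit_days": 30},
    {"service": "Client onboarding KYC", "provider": "VendorC",
     "functions": ["fn-05", "fn-06"],
     "sub_processors": [("VendorC", "IE"), ("OCR-Sub", "IN")],
     "exit_days": None},
    {"service": "Office chat", "provider": "VendorD",
     "functions": [],
     "sub_processors": [("VendorD", "US")],
     "exit_days": 7},
]


def classify(entry) -> str:
    """Article 28(1): critical if the service supports any critical function."""
    return "critical" if CRITICAL_FUNCTIONS & set(entry["functions"]) else "non-critical"


def residency_gaps(entry) -> list:
    """Article 30(2)(e): sub-processors whose processing location is outside the EU/EEA."""
    return [name for name, country in entry["sub_processors"] if country not in EU_EEA]


def exit_strategy_missing(entry) -> bool:
    """Article 29: an entry with no exit timeline cannot be terminated in a planned way."""
    return entry["exit_days"] is None


def concentration(register, threshold=0.10) -> dict:
    """Article 31 test: share of critical functions that depend on each provider, flagged above threshold."""
    depends = defaultdict(set)
    for entry in register:
        for fn in entry["functions"]:
            if fn in CRITICAL_FUNCTIONS:
                depends[entry["provider"]].add(fn)
    total = len(CRITICAL_FUNCTIONS)
    return {p: len(fns) / total for p, fns in depends.items() if len(fns) / total > threshold}


def assess(register) -> dict:
    """Findings structured in the shape of the register fields listed above."""
    entries = []
    for entry in register:
        entries.append({
            "service": entry["service"],
            "criticality": classify(entry),
            "residency_gaps": residency_gaps(entry),
            "exit_strategy_missing": exit_strategy_missing(entry),
        })
    return {"entries": entries, "concentration_flags": concentration(register)}


if __name__ == "__main__":
    import json
    print(json.dumps(assess(REGISTER), indent=2))
```

On the constructed register, VendorA carries 3 of 12 critical functions (25%) and VendorC 2 of 12 (about 17%), so both exceed the 10% threshold, while VendorB at 1 of 12 does not; the contract review AI also fails the residency check on both of its US sub-processors, which is exactly the finding that stopped the audit described earlier.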
Tested on 50 real ICT risk register entries from a French asset manager. Structured extraction accuracy: 91% vs. manual review. Time per entry: 34 seconds vs. 45 minutes. Cost: ~$0.12 per entry at Qwen3-32B-TEE pricing ($0.15/M input, $0.15/M output).
Honest Limitations
I won't pretend this is perfect. Three real constraints:
TDX adds 3-7% latency overhead. Our H200 TDX instances average 755ms time to first token (TTFT) vs. 680ms non-TDX. For real-time trading compliance, that matters. For document review, it doesn't.
No SOC 2 certification. We use GDPR Article 25, Intel TDX attestation, and zero data retention instead. Some auditors prefer checkbox compliance. We provide the cryptographic proof; your auditor may need education.
PDF OCR not supported. Text-based PDFs and DOCX only. Scanned prospectuses need pre-processing. We use Tesseract in a separate pipeline; it's clunky.
The 2026 Deadline Nobody's Talking About
January 17, 2026. That's when DORA's full ICT third-party risk framework becomes enforceable with penalties. ESMA and EBA joint guidance in December 2024 clarified: AI tools processing client data qualify as "critical ICT services" if their failure would impair regulatory reporting, risk management, or client onboarding.
Most financial entities I speak with are still in "vendor questionnaire" mode. Sending spreadsheets to AI providers. Getting marketing PDFs back. That won't survive a Joint Supervisory Authority review.
The alternative isn't theoretical. It's running your compliance agents on hardware you can cryptographically verify, in a jurisdiction your regulator recognizes, with a DPA that doesn't require Schrems II gymnastics.
Don't trust me. Test it. 5 free agent requests/day -> voltagegpu.com