Iranian Drone Strikes Test the Gulf's Trillion-Dollar AI Dream
Rest of World analyzed how Iranian strikes threatened the Gulf states' AI and data center investments with cascading implications for financial AI.
Key Metrics
Gulf AI Investment
Trajectory disrupted
was: Hundreds of billions planned
Trillion-dollar vision threatenedFinancial AI Use Cases
All dependent on at-risk infrastructure
was: Fraud, credit, AML
AI degrades with infrastructureAI Computing Geography
Gulf = conflict zone
was: Gulf as hub
Concentration meets geopolitical riskFallback Readiness
Fallbacks needed
was: AI assumed available
Rule-based fallbacks for AI processesThe Situation
Financial AI at Risk
Gulf banks rapidly adopting AI for fraud detection, credit risk, AML, and customer service found their AI capabilities dependent on at-risk infrastructure. Sovereign AI requirements requiring local data processing created tension with resilience needs during conflict.
The disruption affected not just local institutions but global ones planning to use Gulf AI computing capacity. For DORA Art. 5-6, geopolitical risk must be integrated into AI strategy.
The Challenge
The AI Dream Meets Geopolitical Reality
On March 2, 2026, Rest of World analyzed how Iranian strikes threatened the Gulf states' trillion-dollar AI vision. UAE, Saudi Arabia, Qatar, and Bahrain had positioned themselves as global AI hubs, attracting massive US tech investment. The military conflict confronted this vision with geopolitical reality.
For financial institutions, this highlighted an underappreciated risk: many Gulf banks planned to leverage local AI infrastructure for fraud detection, credit scoring, and compliance automation. The conflict threatened not just existing workloads but the entire AI-enabled transformation roadmap.
The Approach
DORA and AI Infrastructure Resilience
Art. 5-6 — AI in Risk Management
AI infrastructure dependencies (GPU availability, model hosting, training data) must be in ICT risk registers.
Art. 28 — AI as Third-Party Dependency
Cloud-hosted AI services create concentration risk — GPU computing capacity is geographically concentrated.
Art. 11 — AI Continuity
Critical AI-powered processes need rule-based fallback systems for when AI infrastructure is unavailable.
Art. 24 — Testing AI Failure
Resilient testing should include AI infrastructure failure verifying fallback activation and acceptable degraded-mode operation.
The Results
AI Resilience as Operational Resilience
As AI becomes embedded in critical financial processes, AI infrastructure resilience becomes a critical operational concern. GPU computing is geographically concentrated, creating AI-specific concentration risk.
Recommendations
- Include AI infrastructure in DORA risk registers
- Maintain rule-based fallback systems for AI-dependent processes
- Diversify AI computing geography across stable regions
- Test AI infrastructure failure scenarios under DORA Art. 24
Lessons Learned
- 1DORA Art. 5-6 must include AI infrastructure dependencies in risk registers.
- 2DORA Art. 11 requires rule-based fallbacks for AI-dependent critical processes.
- 3DORA Art. 28-29 must address AI-specific geographic concentration risk.
- 4DORA Art. 24 should test AI infrastructure failure scenarios.
- 5AI computing geography should be diversified across geopolitically stable regions.
Disclaimer:This case study is based on anonymized data from real-world DORA compliance programmes. Names, specific figures, and identifying details have been changed to protect confidentiality. The outcomes described are specific to the institution's context and may not be directly replicable.
Facing similar challenges?
See how Valendir can help your institution achieve and maintain DORA compliance with deterministic workflows, immutable evidence, and continuous assurance.