Everything You Need for DORA Compliance
Four pillars to guide your compliance journey — all free, all actionable.
Interactive Tools
Self-assessment tools, scope calculators, and compliance checklists — get actionable insights in minutes.
Knowledge Base
DORA articles, TIBER-EU framework guides, RTS/ITS summaries, and practical implementation resources.
Regulatory Updates
2025–2026 enforcement news, EBA/ESMA/EIOPA guidance, RTS developments and supervisory actions.
Provider Directory
Connect with vetted TLPT providers, red team operators, and ICT risk assessment specialists.
Latest DORA Updates
Regulatory news, guidance, and enforcement developments
ESA Supervisory Convergence Report on DORA Implementation
Joint ESA report highlights consistent enforcement gaps in ICT third-party risk registers and incident classification across EU member states.
EBA Publishes Updated Q&A on TLPT Scope Determination
Clarifications on which entities meet the significance threshold for mandatory TLPT, including revised guidance on cross-border operations.
TIBER-EU Framework v2.1 Released by ECB
Updated TIBER-EU framework aligns with DORA RTS on TLPT, introducing mandatory purple teaming requirements and revised threat intelligence standards.
Free Compliance Tools
Get instant answers — no registration required
DORA Readiness Assessment
5-step assessment covering entity classification, security posture, incident response, and DORA awareness. Get an instant readiness score.
TLPT Scope Checker
Determine whether your entity is required to conduct Threat-Led Penetration Testing under DORA Article 26, based on size and sector.
ICT Third-Party Risk Tier
Classify your ICT service providers according to DORA Article 28 risk tiers and determine applicable contractual requirements.
Featured Resources
Practical guides, templates, and frameworks — free to use
DORA Article-by-Article Summary
Plain-language breakdown of all 64 DORA articles with compliance implications for financial entities.
TLPT Provider RFP Template
Ready-to-use request for proposal template for selecting a DORA-compliant TLPT testing provider.
ICT Incident Classification Flowchart
Visual guide to determining whether an ICT incident qualifies as major and triggers DORA reporting obligations.
Third-Party Register Template
Excel-compatible template for building your DORA-compliant ICT third-party service provider register.
Need a TLPT Provider?
Finding a qualified, DORA-compliant TLPT provider is not straightforward. Providers must meet strict requirements under DORA Article 26 and the ESA Joint RTS on TLPT.
- Pre-vetted against DORA Article 26 tester requirements
- Experience with TIBER-EU / TIBER-XX national frameworks
- Coordinated intelligence-led testing approach
- Post-test remediation support included
Get Matched Free
Tell us your requirements and we'll connect you with a qualified provider within 24 hours.
Which Entities Are In Scope?
DORA Article 2 defines the scope. If your organisation is in this list and operates in or serves the EU market, compliance is mandatory.
Free, instant, no registration required for initial results
DORA's Five Compliance Pillars
The regulation is structured around five core pillars. Each financial entity must demonstrate compliance across all relevant areas.
ICT Risk Management
Arts. 5–16: Governance framework, risk appetite, and ICT asset management.
Incident Reporting
Arts. 17–23: Major ICT incident classification, reporting timelines, and notifications.
Digital Resilience Testing
Arts. 24–27: Vulnerability assessments, penetration testing, and mandatory TLPT.
Third-Party Risk
Arts. 28–44: Contractual requirements, oversight of critical ICT providers.
Intelligence Sharing
Art. 45: Voluntary sharing of cyber threat information within the EU.