Does DoraAudit replace a lawyer?

No. DoraAudit is a pre-check tool that identifies gaps before a lawyer reviews. You save lawyer hours where everything is already in order.

How accurate is the analysis?

Analysis is based on official DORA Art. 30 text and Financial Supervisory Authority guidelines. AI-powered system checks 8 core requirements and provides specific recommendations.

Contract content is processed in real-time and not stored on the server. Data stays in your browser. Self-hosted variant is available for enterprise clients.

Who is behind DoraAudit?

Doraaudit, Tallinn. The team combines financial sector regulatory knowledge with software development experience.

What is the Evidence Gap Analyzer?

Evidence Gap Analyzer is a tool that maps your uploaded compliance documents against DORA requirements and identifies specific evidence gaps, missing controls, and remediation priorities.

Contract Generator

Generate DORA-Compliant Contract

Select clauses and download a professional ICT service contract that meets DORA Art. 30 requirements.

Select Clauses

1. Service Level Agreements Art. 30(2)(a)

"The provider shall ensure service availability of at least 99.5% per quarter, measured by [monitoring system]. Service level degradation shall result in [X]% fee reduction."

2. Incident Notification Art. 30(2)(d)

"The provider shall notify the client of all ICT incidents without delay, no later than [4] hours after detection. Notification shall include impact analysis, prognosis and remediation measures."

3. Audit Rights Art. 30(2)(c)

"The client shall have the right to audit the provider systems at least [1] time per year, involving independent auditors. The provider shall ensure access and documentation necessary for the audit."

4. Exit Strategy Art. 30(2)(e)

"Upon termination, the provider shall ensure data and process handover within [90] calendar days. The transition plan shall include data formats, migration schedule and responsible persons."

5. Data Location and Processing Art. 30(2)(b)

"The provider shall process client data only within the EU/EEA. Subcontracting requires prior written consent. Data security measures shall comply with ISO 27001 standard."

6. Subcontracting Conditions Art. 30(2)(f)

"The provider shall not engage subcontractors without prior written consent. The list of subcontractors and their ICT risk profiles shall be provided before contract signing and upon any changes."

7. ICT Risk Management Art. 30(2)(g)

"The provider shall maintain an up-to-date ICT risk management framework covering risk identification, assessment and mitigation. Risk analysis results and mitigation measures shall be reported to the client quarterly."

8. Business Continuity Art. 30(2)(h)

"The provider shall ensure a business continuity plan is in place and tested at least [1] time per year. The plan shall include recovery time objectives (RTO ≤ [4h], RPO ≤ [1h]) and crisis procedures."

Selected: 8 / 8 clauses

Full DORA Art. 30 compliance

Contract Preview

ICT SERVICE PROVISION CONTRACT

DORA Article 30 Compliant

4.4.2026