Does DoraAudit replace a lawyer?

No. DoraAudit is a pre-check tool that identifies gaps before a lawyer reviews. You save lawyer hours where everything is already in order.

How accurate is the analysis?

Analysis is based on official DORA Art. 30 text and Financial Supervisory Authority guidelines. AI-powered system checks 8 core requirements and provides specific recommendations.

Contract content is processed in real-time and not stored on the server. Data stays in your browser. Self-hosted variant is available for enterprise clients.

Who is behind DoraAudit?

Doraaudit, Tallinn. The team combines financial sector regulatory knowledge with software development experience.

What is the Evidence Gap Analyzer?

Evidence Gap Analyzer is a tool that maps your uploaded compliance documents against DORA requirements and identifies specific evidence gaps, missing controls, and remediation priorities.

EU 2022/2554

DORA Regulation Explorer

Browse and search DORA (Digital Operational Resilience Act) articles with this interactive tool. Plain-language explanations and compliance requirements.

Articles Covered

Critical Requirements

Chapters

68%

Your Coverage

Chapters

Glossary

ICT Risk

Any reasonably identifiable circumstance related to the use of ICT which, if materialised, may compromise the security of a financial entity.

Digital Operational Resilience

The ability of a financial entity to build, assure and review its operational integrity and reliability with respect to ICT-related disruptions.

TLPT

Threat-Led Penetration Testing — tests that mimic real-world cyber attacks against a financial entity's critical functions using threat intelligence.

Critical ICT Provider

A third-party ICT service provider whose disruption could systemically impact financial stability.

RTS

Regulatory Technical Standards — detailed rules drafted by ESAs for implementing DORA requirements.

Concentration Risk

Risk arising from over-reliance on a single ICT service provider for critical or important functions.

The mandatory register under DORA Art. 28(3) documenting all third-party ICT contractual arrangements.

ITS

Implementing Technical Standards — standard forms and templates drafted by ESAs for DORA compliance.

22 articles found

⚖

Chapter I: General Provisions

(Art. 1-4)

🛡

Chapter II: ICT Risk Management

(Art. 5-16)

⚠

Chapter III: ICT Incident Management

(Art. 17-23)

🔍

Chapter IV: Resilience Testing

(Art. 24-27)

🌐

Chapter V: Third-Party Risk

(Art. 28-44)

👥

Chapter VI: Information Sharing

(Art. 45)

🏛

Chapter VII: Competent Authorities

(Art. 46-56)

Ready to check your compliance?

Use our free self-assessment tool to find out how far you are from meeting DORA requirements.

Start Assessment Analyze Contract

DORA Regulation Explorer

Chapters

Glossary

Chapter I: General Provisions

Subject Matter

Scope

Definitions

Chapter II: ICT Risk Management

Governance and Organisation

ICT Risk Management Framework

Identification

Protection and Prevention

Response and Recovery Plans

Learning and Evolving

Chapter III: ICT Incident Management

ICT Incident Management Process

Classification of ICT Incidents

Reporting of Major ICT Incidents

Chapter IV: Resilience Testing

General Requirements for Digital Operational Resilience Testing

Threat-Led Penetration Testing (TLPT)

Chapter V: Third-Party Risk

General Principles on Third-Party ICT Risk

Preliminary Assessment of ICT Concentration Risk

Key Contractual Provisions

Oversight of Critical Functions

Designation of Critical ICT Providers

Chapter VI: Information Sharing

Cyber Threat Intelligence Sharing Arrangements

Chapter VII: Competent Authorities

Competent Authorities

Administrative Penalties and Remedial Measures

Ready to check your compliance?