Regulator-accepted templates, a DORAi agent (coming soon) that tailors them to your exact ICT setup, and on-call experts who've already defended them in live EU license reviews. Built for microenterprises and CASPs — priced like it.
The full DORAi agent — with document tailoring, deep workflow integration, and regulation-grounded answers across all DORA pillars — is launching soon. Try the preview below to get a feel for what's coming.
Documentation a regulator has already accepted, paired with experts who've defended it in live EU license reviews. Skip six weeks of drafting. Start audit-defensible on day one.
The full DORA documentation set — ICT risk framework, incident workflow, resilience testing programme, third-party register, governance policies. Developed end-to-end in-house and already reviewed by EU regulators in live license proceedings.
On-call experts who've already defended these templates in live EU license reviews. A DORAi agent (beta) drafts your tailored version; our in-house IT and legal team reviews, refines, and stands behind it when the regulator calls.
DORA entered full enforcement on January 17, 2025. National regulators across the EU are now actively reviewing ICT risk frameworks — and spreadsheets are not a defence.
Maximum penalty for non-compliance with DORA obligations — per infringement.
Risk management, incident reporting, resilience testing, third-party risk, information sharing.
From zero documentation to a defensible, tailored framework — not six weeks of drafting.
A predictable sequence that takes you from "we have nothing on paper" to "we can walk into a regulator review with confidence" — in two weeks, not two quarters.
A short self-check tells you exactly where your ICT framework stands against DORA's five pillars.
Get the full regulator-accepted documentation set delivered the moment you start — no waiting.
Our AI agent (coming soon) will adapt each document to your exact ICT setup, vendors, and risk profile.
Our in-house IT and legal team reviews the final package and stands behind it in live reviews.
Priced for microenterprises and CASPs. No seat fees, no hidden retainers, no six-figure consultancy invoice at the end.
The regulator-accepted template set. Everything you need to build a defensible DORA framework, on day one.
Essentials plus DORAi agent tailoring (coming soon) and continuous updates as the RTS/ITS evolve. For teams with an audit on the calendar.
On-call IT & legal experts who've already defended these templates in live EU license reviews. For when you need a defender, not just a document.
Everything you need to know before you buy — or before your auditor asks.
The Digital Operational Resilience Act (EU 2022/2554) is binding EU law requiring all financial entities — banks, payment institutions, crypto asset service providers (CASPs), investment firms, and more — to prove their ICT systems can withstand disruptions. It has been fully applicable since 17 January 2025.
If you hold or are applying for an EU financial services or crypto licence, DORA applies to you regardless of company size.
DORA defines a microenterprise as a financial entity with fewer than 10 employees and annual turnover or balance sheet total under €2 million. Microenterprises benefit from proportionality provisions — simplified resilience testing, lighter reporting requirements — and our templates are specifically scoped to these thresholds.
The Essentials bundle covers all five DORA pillars:
ICT risk management policy · Incident classification & reporting procedures · Digital operational resilience testing plan · ICT third-party provider register · Business continuity & disaster recovery runbook.
Every document is mapped directly to the relevant RTS/ITS article so you can show your regulator exactly where each requirement is addressed.
Yes. The templates are built from the DORA RTS/ITS texts themselves, not generic risk frameworks, and have been reviewed in live EU licensing processes. They are principle-based by design — you fill them in to reflect your actual operations, so the result is genuinely defensible rather than checkbox theatre.
Essentials is a one-time purchase. You get the full documentation set, lifetime updates to the templates themselves, and nothing more.
Compliance+ adds a monthly subscription: continuous updates as the RTS/ITS evolve, DORAi agent tailoring (beta), and priority email support. It's the right choice if you have an audit on the calendar or want someone watching the regulatory horizon for you.
DORA has been enforceable since January 2025, so technically yes — but regulators are far more sympathetic to entities that can demonstrate a credible, documented framework, even if recently implemented, than to those with nothing at all. Starting today with a solid set of templates is still the right call.
Your DORA audit won't wait. Run a two-minute self-check, see exactly where you stand against the five pillars, and decide from there. No spam. No newsletter drip. GDPR-compliant.
See what out templates have to offer for your business. Customize it by using your personal Agent
