Self-assess your Digital Operational Resilience Act (DORA, Regulation EU 2022/2554) readiness — score the 5 pillars (ICT risk management, ICT incident management & reporting, resilience testing incl. TLPT, ICT third-party risk, information sharing), classify major incidents, check Register-of-Information readiness, and export a gap report. Word + CSV.
Score each requirement: Implemented = in place and evidenced (100%), Partial = started or informal (50%), Not implemented = absent (0%), N/A = not applicable with justification (omitted from the score). Readiness % is the mean of scored items. Proportionality applies to micro-entities (Art. 16).
⚠️ Educational estimate only — NOT legal, regulatory, financial, or compliance advice; consult a licensed professional. This tool is a self-assessment aid based on Regulation (EU) 2022/2554 (DORA, applicable since 17 January 2025) and its Regulatory/Implementing Technical Standards (RTS/ITS). DORA entered its first supervisory enforcement cycle in 2025–2026, with the first annual Registers of Information collected by competent authorities in April 2025 and the EU oversight framework for critical ICT third-party providers (CTPPs) being designated. The checklist items are representative summaries of the articles — not the full legal text and not a supervisory examination. Verify the consolidated regulation and the EBA/ESMA/EIOPA technical standards, and engage qualified legal and compliance counsel.