EU DORA Compliance Decision Map
A fast way to answer the DORA questions that block execution. Use this decision map to confirm scope, choose the right implementation track, and translate DORA into incident reporting, testing, and third-party risk controls your team can operate.
This map is a snapshot. Regulations evolve, Level 2 acts and corrigenda land, and your organisation changes. Our Copilot keeps it current and tailored to your context. Our Autopilot evaluates where you stand and acts on the gaps.
Stop chasing complianceKey dates for DORA implementation
Track DORA's core milestones, Level 2 delegated and implementing acts, corrigenda, and supervisory deliverables that affect operational readiness.
What does DORA require for your role?
Trace your path from Article 2 scope to a clear outcome: out of scope, DORA full framework, simplified ICT framework, or ICT third-party provider (including potential CTPP oversight).
Turn DORA into an evidence-ready program
This decision map is a strong baseline. Sorena Research Copilot can tailor it to your entity type, group structure, outsourced ICT stack, and regulators, then turn it into deliverables your team can actually use.
- Confirm scope and exclusions against your entity profile and group structure
- Generate incident reporting workflows with templates, roles, and escalation paths
- Operationalise register-of-information and third-party contract requirements
- Plan testing, TLPT readiness, and evidence collection by stakeholder