DORA · Regulation (EU) 2022/2554
DORA compliance, mapped to the actual articles.
The Digital Operational Resilience Act asks for specifics — contractual provisions, a Register of Information, critical-function declarations and resilience testing. ResiliencePilot is built around those specifics, not a generic control set.
What DORA requires — and how we deliver it
From obligation to evidence.
Each DORA obligation has a home in the platform, with the audit trail and approvals a supervisor expects.
Article 30 contract provisions
Track the mandatory contractual provisions for ICT third-party arrangements — standard for important suppliers, enhanced for critical ones — with status and evidence per supplier.
Critical-function declarations
Declare functions supporting critical or important services, link them to suppliers and dependencies, and keep the rationale audit-ready.
Register of Information
Maintain the DORA Register of Information across your ICT third-party arrangements, ready to export for the supervisory authority.
ICT resilience testing
Plan and evidence your digital operational resilience testing programme, mapped to the functions it protects.
Incident reporting
rAIley drafts major-incident reports mapped to DORA's classification and timelines, citing the linked records — your team reviews and submits.
Third-party risk management
Tier ICT third parties by criticality, run due-diligence questionnaires with AI-assisted review, track assurance and certifications, and evidence Article 30 obligations — all linked to your risk register.
Where rAIley helps with DORA
rAIley drafts the documents DORA generates a lot of — major-incident reports aligned to the classification and timelines, supplier-review summaries and resilience-testing write-ups — grounded in your own records and fully audit-logged. You stay the approver.
DORA — frequently asked questions
- Yes. You maintain the DORA Register of Information across your ICT third-party arrangements and export it for the supervisory authority.
- Each ICT supplier arrangement tracks the mandatory provisions — the standard set for important suppliers and the enhanced set for critical ones — with status and supporting evidence.
- rAIley drafts major-incident reports aligned to DORA's classification criteria and reporting timelines, citing the linked incident records. Your team reviews and submits — nothing is auto-filed.
- In the EU, on Microsoft Azure (Sweden Central) — relevant for DORA's data residency and oversight expectations. If you have specific residency requirements, talk to us.
- Yes — ResiliencePilot supports DORA, NIS2, ISO 27001, ISO 22301, SOC 2 and Cyber Essentials on one platform, so overlapping controls are reused rather than duplicated.
Does ResiliencePilot cover the Register of Information?
How does it handle Article 30 contract provisions?
Can rAIley help with DORA incident reporting?
Where is our data hosted?
Does it also cover NIS2 and ISO 27001?
Get DORA-ready with ResiliencePilot.
A 30-minute walkthrough mapped to your framework and your team. Pricing is tailored — talk to us about what you need.