io.github.CSOAI-ORG/dora-compliance-mcp
DORA (EU Digital Operational Resilience Act) compliance for AI agents. 5-pillar audit, incid...
Ask AI about io.github.CSOAI-ORG/dora-compliance-mcp
Powered by Claude · Grounded in docs
I know everything about io.github.CSOAI-ORG/dora-compliance-mcp. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Reviews
Documentation
DORA Compliance MCP
Automate DORA (Digital Operational Resilience Act) compliance for EU financial entities.
Regulation (EU) 2022/2554 — enforcement live since 17 January 2025. Penalties: up to 1% of average daily worldwide turnover for CTPPs.
Install · Tools · Pricing · Attestation API
Why This Exists
DORA has been enforceable since January 2025. Every EU bank, insurer, investment firm, and their critical ICT providers must demonstrate operational resilience across 5 pillars. The regulation requires ICT risk management frameworks, incident reporting within 4 hours, threat-led penetration testing (TLPT), and third-party risk registers.
Traditional DORA compliance involves hiring consultancies at €800-1,500/day for 6-12 months. This MCP automates the 5-pillar assessment, generates Article 28 register entries, runs TLPT planning checklists, and produces incident classification templates — all from a single Claude prompt.
Install
pip install dora-compliance-mcp
Tools
| Tool | DORA Pillar | What it does |
|---|---|---|
assess_ict_risk | Pillar 1 | ICT risk management framework assessment |
classify_incident | Pillar 2 | Incident classification per Article 18 criteria |
plan_tlpt | Pillar 3 | Threat-led penetration testing planning |
assess_third_party | Pillar 4 | Article 28 ICT third-party risk register |
check_information_sharing | Pillar 5 | Information sharing arrangement audit |
run_full_audit | All 5 | Complete 5-pillar DORA readiness assessment |
sign_attestation | — | HMAC-SHA256 signed compliance certificate |
Example
Prompt: "Our bank uses 3 cloud providers and 2 SaaS fintech tools.
Run a full DORA 5-pillar assessment. Flag any ICT concentration risk
and generate the Article 28 register entries."
Result: 5-pillar assessment with ICT concentration risk flagged on
cloud provider dependency, Article 28 register entries for all 5
third parties, incident reporting template, TLPT scope recommendation.
Each section signed with attestation cert.
Pricing
| Tier | Price | What you get |
|---|---|---|
| Free | £0 | 10 calls/day — risk assessment + incident classification |
| Pro | £199/mo | Unlimited + HMAC-signed attestations + verify URLs |
| Enterprise | £1,499/mo | Multi-tenant + co-branded reports + webhooks |
Attestation API
POST https://meok-attestation-api.vercel.app/sign
GET https://meok-attestation-api.vercel.app/verify/{cert_id}
Zero-dep verifier: pip install meok-attestation-verify
Links
- Website: meok.ai
- All MCP servers: meok.ai/labs/mcp/servers
- Also see: DORA + NIS2 Crosswalk MCP for dual compliance
- Enterprise support: nicholas@csoai.org
License
MIT