DORA Compliance MCP

EU Digital Operational Resilience Act (DORA) Compliance — 5-Pillar Audit, Incident Classification, TLPT

Overview

Full compliance automation for the EU Digital Operational Resilience Act (Regulation 2022/2554). Covers all 5 pillars: ICT Risk Management, Incident Reporting, Digital Operational Resilience Testing, ICT Third-Party Risk, and Information Sharing.

🆕 Quote verbatim DORA text in any audit

Install our sister MCP and pipe it through your agent for auditor-defensible quotes:

pip install eu-ai-act-compliance-mcp  # 1.5.1+

# In your Claude / OpenAI tool-use agent:
search_regulation(query="incident reporting", regulation="dora", limit=3)
get_article_text(regulation="dora", article_number=17)

Returns verbatim DORA text from publications.europa.eu Cellar (SPARQL-synced daily) with a canonical EUR-Lex deep link on every snippet — drop straight into audit evidence packs.

Tools

Installation

pip install mcp

Claude Desktop

{
  "mcpServers": {
    "dora-compliance": {
      "command": "python",
      "args": ["path/to/server.py"]
    }
  }
}

Cursor / VS Code / Windsurf

{
  "mcpServers": {
    "dora-compliance": {
      "command": "python",
      "args": ["path/to/server.py"]
    }
  }
}

Usage Examples

<<<<<<< Updated upstream MIT © MEOK AI Labs

Sister MCPs

Part of the MEOK Governance pack — designed to work together as a fleet. Install the whole pack with npx meok-setup --pack governance, or pick the ones you need:

• EU AI Act → uvx eu-ai-act-compliance-mcp · PyPI · GitHub

• NIS2 → uvx nis2-compliance-mcp · PyPI · GitHub

• Cyber Resilience Act → uvx cra-compliance-mcp · PyPI · GitHub

• AI Bill of Materials → uvx ai-bom-mcp · PyPI · GitHub

• AI Incident Reporting → uvx ai-incident-reporting-mcp · PyPI · GitHub

• DORA × NIS2 Crosswalk → uvx dora-nis2-crosswalk-mcp · PyPI · GitHub

Full catalogue + Anthropic Registry verify links: meok.ai/anthropic-registry

Protocol coverage + Universal PAYG

This MCP is part of MEOK's 47-MCP fleet that bridges every active agent-interop protocol and 30+ regulatory frameworks. See the full coverage matrix at meok.ai/protocols.

Agent interop protocols supported (8 live):

• ✅ MCP (Anthropic) — native

• ✅ A2A (Google + Linux Foundation, absorbed IBM ACP Sept 2025)

• ✅ IBM ACP — covered via A2A merge

• ◐ Stripe ACP (Agentic Commerce Protocol) — Q3 bridge via agent-commerce-protocol-mcp

• ◐ AP2 (Google Agent Payments) — partial via agent-commerce-payments-mcp

• ◐ x402 (Coinbase HTTP 402) — partial via api.meok.ai gateway

• → OASF / AGNTCY (Cisco Outshift + Linux Foundation) — Q3 bridge

• 👁 ANP (Cisco Agent Network) — watch-list

Pricing options:

Each tier above the free self-host adds HMAC-signed attestations verifiable at verify.meok.ai. Linux Foundation governance on the A2A spine means EU regulated buyers can deploy without vendor-lock-in objections.

=======

Run a full DORA audit

{
  "pillar": "ict_risk_management",
  "controls": ["incident response plan exists", "backups configured", "no formal testing"],
  "entity_type": "financial"
}

Assess third-party risk

{
  "provider_name": "AWS",
  "service_criticality": "critical",
  "contract_type": "cloud_infrastructure"
}

Pricing

• Free: 10 audits/day

• Pro: $99/mo — unlimited audits + reports

• Enterprise: $499/mo — full TLPT + third-party register

Built by MEOK AI Labs | meok.ai

Stashed changes

Wire it up — full stack

Pair this with the MEOK chain that turns one agent action into ONE signed compliance event:

1. bft-progress-council-mcp — anti-loop guardrail

2. agent-token-budget-mcp — hard spend cap

3. agent-prompt-injection-firewall-mcp — OWASP LLM01 scan

4. agent-audit-logger-mcp — hash-chained evidence

5. a2a-governance-bridge-mcp — fold N attestations → 1 signed event

6. agent-incident-relay-mcp — broadcast incidents to 5 regimes simultaneously

See meok.ai/mcp-stack for the full architecture and meok.ai/mcp-stack/demo for the live in-browser demo.