
DORA Compliance MCP


Automate DORA (Digital Operational Resilience Act) compliance for EU financial entities.

Regulation (EU) 2022/2554 — enforcement live since 17 January 2025. Penalties: up to 1% of average daily worldwide turnover for CTPPs.

MEOK AI Labs



Why This Exists

DORA has been enforceable since January 2025. Every EU bank, insurer, investment firm, and their critical ICT providers must demonstrate operational resilience across 5 pillars. The regulation requires ICT risk management frameworks, incident reporting within 4 hours, threat-led penetration testing (TLPT), and third-party risk registers.

Traditional DORA compliance involves hiring consultancies at €800-1,500/day for 6-12 months. This MCP automates the 5-pillar assessment, generates Article 28 register entries, runs TLPT planning checklists, and produces incident classification templates — all from a single Claude prompt.

Install

pip install dora-compliance-mcp

Tools

| Tool | DORA Pillar | What it does |
|---|---|---|
| assess_ict_risk | Pillar 1 | ICT risk management framework assessment |
| classify_incident | Pillar 2 | Incident classification per Article 18 criteria |
| plan_tlpt | Pillar 3 | Threat-led penetration testing planning |
| assess_third_party | Pillar 4 | Article 28 ICT third-party risk register |
| check_information_sharing | Pillar 5 | Information sharing arrangement audit |
| run_full_audit | All 5 | Complete 5-pillar DORA readiness assessment |
| sign_attestation | | HMAC-SHA256 signed compliance certificate |

Example

Prompt: "Our bank uses 3 cloud providers and 2 SaaS fintech tools.
Run a full DORA 5-pillar assessment. Flag any ICT concentration risk
and generate the Article 28 register entries."

Result: 5-pillar assessment with ICT concentration risk flagged on
cloud provider dependency, Article 28 register entries for all 5
third parties, incident reporting template, TLPT scope recommendation.
Each section signed with attestation cert.

Pricing

| Tier | Price | What you get |
|---|---|---|
| Free | £0 | 10 calls/day — risk assessment + incident classification |
| Pro | £199/mo | Unlimited + HMAC-signed attestations + verify URLs |
| Enterprise | £1,499/mo | Multi-tenant + co-branded reports + webhooks |


Attestation API

POST https://meok-attestation-api.vercel.app/sign
GET  https://meok-attestation-api.vercel.app/verify/{cert_id}

Zero-dep verifier: pip install meok-attestation-verify

License

MIT

