DORA + NIS2 EU Compliance Workbook
14-tab EU regulatory compliance workbook covering all 5 DORA pillars, NIS2 Article 21 measures, dual framework applicability decision tree, penalty calculator (2% DORA / €10M NIS2), and cross-framework mapping across 17 control domains.
DORA entered into force January 17, 2025 with no transitional period, as the ESAs stated on December 4, 2024. Financial entities are either compliant or in violation. The NIS2 transposition deadline was October 17, 2024.
14-tab architecture:
Framework Applicability — dual decision tree with 32 questions: 14 DORA entity types + 17 NIS2 sectors + size thresholds. Formula-driven recommendations. Correctly handles lex specialis: DORA entities receive "DORA takes precedence" NIS2 output.
DORA Pillar 1 — ICT Risk Management — 33 requirements across Articles 5–16 with status/owner/evidence tracking and summary formulas.
DORA Pillar 2 — Incident Reporting — the 4-hour/72-hour/1-month 3-stage timeline, 7 classification criteria, 15-point readiness tracker.
DORA Pillar 3 — Resilience Testing — 20 testing requirements with basic vs TLPT split for significant entities.
DORA Pillar 4 — Third-Party Register — Register of Information template, 12 mandatory contractual provisions, CTPP guidance.
DORA Pillar 5 — Information Sharing — Article 45 implementation.
NIS2 Scope & Classification — 18 sectors with Annex I/II designation and transposition reality callout (22 Member States missed the October 2024 deadline).
NIS2 Article 21 Measures — all 10 minimum cybersecurity measures.
NIS2 Incident Timelines — 24h/72h/1-month with readiness tracker.
NIS2 Management Body Liability — Article 20 obligations and board briefing checklist.
Penalty Calculator — models fine exposure for both frameworks based on turnover input: 2% global turnover for DORA; Essential Entity €10M or 2%, Important Entity €7M or 1.4% for NIS2.
Cross-Framework Mapping — 17 control domains mapped across both frameworks with overlap strength indicator. Identifies where a single control satisfies both.
User Guide (31 pages, 15 sections): 2026 EU regulatory reality, DORA entity determination, all 5 pillars in depth, NIS2 for non-financial entities, Member State transposition variations, Article 20 personal liability, cross-framework efficiency, working with ESAs/NCAs/CSIRTs, 12 common pitfalls, execution timeline.
What's included
- Excel (.xlsx) — fully editable
- Word (.docx) — User Guide — fully editable
- Instant download after purchase
- Free updates — re-download when we release new versions
- Practitioner License: unlimited client use (vCISO / MSP)