Metadata-Version: 2.4
Name: dora-compliance-mcp
Version: 1.2.2
Summary: DORA (EU Digital Operational Resilience Act) compliance for AI agents. 5-pillar audit, incident classification, Article 28 Register of Information, TLPT readiness. Regulation (EU) 2022/2554. By MEOK AI Labs.
Project-URL: Homepage, https://meok.ai/dora-compliance-mcp
Project-URL: Repository, https://github.com/CSOAI-ORG/dora-compliance-mcp
Project-URL: Documentation, https://meok.ai/docs/dora
Author-email: MEOK AI Labs <nicholas@meok.ai>
License: MIT License
        
        Copyright (c) 2026 MEOK AI Labs (Nicholas Templeman)
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
License-File: LICENSE
Keywords: banking-compliance,digital-operational-resilience-act,dora,eu-dora,eu-regulation,financial-compliance,fintech-compliance,ict-risk,mcp,meok-ai-labs,regulation
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Office/Business :: Financial
Classifier: Topic :: Software Development :: Libraries
Requires-Python: >=3.10
Requires-Dist: mcp>=1.0.0
Description-Content-Type: text/markdown

[![dora-compliance-mcp MCP server](https://glama.ai/mcp/servers/CSOAI-ORG/dora-compliance-mcp/badges/card.svg)](https://glama.ai/mcp/servers/CSOAI-ORG/dora-compliance-mcp)

<div align="center">

[![PyPI](https://img.shields.io/pypi/v/dora-compliance-mcp)](https://pypi.org/project/dora-compliance-mcp/)
[![Downloads](https://img.shields.io/pypi/dm/dora-compliance-mcp)](https://pypi.org/project/dora-compliance-mcp/)
[![GitHub stars](https://img.shields.io/github/stars/CSOAI-ORG/dora-compliance-mcp)](https://github.com/CSOAI-ORG/dora-compliance-mcp/stargazers)
[![License: MIT](https://img.shields.io/badge/License-MIT-green.svg)](LICENSE)

# DORA Compliance MCP

**Automate DORA (Digital Operational Resilience Act) compliance for EU financial entities.**

Regulation (EU) 2022/2554 — enforcement live since 17 January 2025. Penalties: up to 1% of average daily worldwide turnover for CTPPs.

[![MEOK AI Labs](https://img.shields.io/badge/MEOK_AI_Labs-224+_servers-purple)](https://meok.ai)

[Install](#install) · [Tools](#tools) · [Pricing](#pricing) · [Attestation API](#attestation-api)

</div>

---

## Why This Exists

DORA has been enforceable since January 2025. Every EU bank, insurer, investment firm, and their critical ICT providers must demonstrate operational resilience across 5 pillars. The regulation requires ICT risk management frameworks, incident reporting within 4 hours, threat-led penetration testing (TLPT), and third-party risk registers.

Traditional DORA compliance involves hiring consultancies at €800-1,500/day for 6-12 months. This MCP automates the 5-pillar assessment, generates Article 28 register entries, runs TLPT planning checklists, and produces incident classification templates — all from a single Claude prompt.

## Install

```bash
pip install dora-compliance-mcp
```

## Tools

| Tool | DORA Pillar | What it does |
|------|-------------|-------------|
| `assess_ict_risk` | Pillar 1 | ICT risk management framework assessment |
| `classify_incident` | Pillar 2 | Incident classification per Article 18 criteria |
| `plan_tlpt` | Pillar 3 | Threat-led penetration testing planning |
| `assess_third_party` | Pillar 4 | Article 28 ICT third-party risk register |
| `check_information_sharing` | Pillar 5 | Information sharing arrangement audit |
| `run_full_audit` | All 5 | Complete 5-pillar DORA readiness assessment |
| `sign_attestation` | — | HMAC-SHA256 signed compliance certificate |

## Example

```
Prompt: "Our bank uses 3 cloud providers and 2 SaaS fintech tools.
Run a full DORA 5-pillar assessment. Flag any ICT concentration risk
and generate the Article 28 register entries."

Result: 5-pillar assessment with ICT concentration risk flagged on
cloud provider dependency, Article 28 register entries for all 5
third parties, incident reporting template, TLPT scope recommendation.
Each section signed with attestation cert.
```

## Pricing

| Tier | Price | What you get |
|------|-------|-------------|
| **Free** | £0 | 10 calls/day — risk assessment + incident classification |
| **Pro** | £199/mo | Unlimited + HMAC-signed attestations + verify URLs |
| **Enterprise** | £1,499/mo | Multi-tenant + co-branded reports + webhooks |

[Subscribe to Pro](https://buy.stripe.com/14A4gB3K4eUWgYR56o8k836) · [Enterprise](https://buy.stripe.com/4gM9AV80kaEG0ZT42k8k837)

## Attestation API

```
POST https://meok-attestation-api.vercel.app/sign
GET  https://meok-attestation-api.vercel.app/verify/{cert_id}
```

Zero-dependency verifier: `pip install meok-attestation-verify`
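
HMAC-SHA256 is a symmetric MAC: whoever can verify a tag can also forge one, so the signing key has to stay with the issuer and a relying party checks a certificate through the key holder. The sketch below is an added example of that sign/verify pattern, not this project's code or wire format; the certificate fields, the demo key and the function names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real signing key never leaves the issuer.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed sample certificate; field names are hypothetical, not the API's schema.
SAMPLE_CERT = {
    "cert_id": "demo-0001",
    "regulation": "EU 2022/2554",
    "pillar": 2,
    "result": "pass",
}


def canonical_bytes(cert: dict) -> bytes:
    """Serialize deterministically so signer and verifier hash identical bytes."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def sign_cert(cert: dict, key: bytes) -> dict:
    """Return a copy of cert with a hex HMAC-SHA256 tag over its canonical form."""
    tag = hmac.new(key, canonical_bytes(cert), hashlib.sha256).hexdigest()
    return {**cert, "signature": tag}


def verify_cert(cert: dict, key: bytes) -> bool:
    """Recompute the tag and compare in constant time; reject a missing tag."""
    supplied = cert.get("signature")
    if not isinstance(supplied, str):
        return False
    expected = hmac.new(key, canonical_bytes(cert), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    signed = sign_cert(SAMPLE_CERT, DEMO_KEY)
    print("valid:", verify_cert(signed, DEMO_KEY))
    # Any change to a signed field invalidates the tag.
    print("tampered:", verify_cert({**signed, "result": "fail"}, DEMO_KEY))
    # Key order does not matter because the canonical form sorts keys.
    print("reordered:", verify_cert(dict(reversed(list(signed.items()))), DEMO_KEY))
```
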

## Links

- Website: [meok.ai](https://meok.ai)
- All MCP servers: [meok.ai/labs/mcp/servers](https://meok.ai/labs/mcp/servers)
- Also see: [DORA + NIS2 Crosswalk MCP](https://github.com/CSOAI-ORG/dora-nis2-crosswalk-mcp) for dual compliance
- Enterprise support: nicholas@csoai.org

## License

MIT
<!-- mcp-name: io.github.CSOAI-ORG/dora-compliance-mcp -->
