Metadata-Version: 2.4
Name: dora-nis2-crosswalk-mcp
Version: 1.0.3
Summary: DORA × NIS2 Crosswalk MCP — map Regulation (EU) 2022/2554 obligations to Directive (EU) 2022/2555 Article 21-23 measures, and vice versa. For EU banks, insurers, payment institutions, crypto-asset service providers, and their CTPPs (critical ICT third-party providers). Dual-compliance scoring + HMAC-signed attestations. By MEOK AI Labs.
Project-URL: Homepage, https://meok.ai/dora-nis2-crosswalk-mcp
Project-URL: Repository, https://github.com/meok-ai-labs/dora-nis2-crosswalk-mcp
Author-email: MEOK AI Labs <hello@meok.ai>
License: MIT License
        
        Copyright (c) 2026 MEOK AI Labs (Nicholas Templeman)
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
License-File: LICENSE
Keywords: crosswalk,ctpp,directive-2022-2555,dora,dual-compliance,eu-banking,eu-insurance,financial-services-compliance,incident-reporting,mcp,meok-ai-labs,nis2,regulation-2022-2554,signed-attestation
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Office/Business :: Financial
Requires-Python: >=3.10
Requires-Dist: mcp>=1.0.0
Description-Content-Type: text/markdown

# DORA × NIS2 Crosswalk MCP


> ## Buy Starter — £29/mo
> **Signed attestations + unlimited audits + email support.**
> 👉 **[Subscribe at meok.ai](https://buy.stripe.com/aFa5kF1BW146gYRdCU8k83U)** — instant HMAC signing key + Stripe-managed billing.
>
> Free tier remains MIT-licensed and zero-config. Upgrade only when you need signed compliance artefacts for audit.

[![PyPI](https://img.shields.io/pypi/v/dora-nis2-crosswalk-mcp)](https://pypi.org/project/dora-nis2-crosswalk-mcp/) [![Python](https://img.shields.io/pypi/pyversions/dora-nis2-crosswalk-mcp)](https://pypi.org/project/dora-nis2-crosswalk-mcp/)


**Map Regulation (EU) 2022/2554 (DORA) obligations to Directive (EU) 2022/2555 (NIS2) Article 21-23 measures** — so EU banks, insurers, payment institutions, crypto-asset service providers, and their CTPPs can prove dual compliance without re-auditing the same controls twice.

By [MEOK AI Labs](https://meok.ai).

## Why this exists

Most EU financial entities are in scope for **both** DORA and NIS2. The obligations overlap ~65% but:

- Reporting clocks differ (DORA: 4h/72h/1mo — NIS2: 24h/72h/1mo + 3mo progress)
- Competent authorities differ (DORA: national FSA — NIS2: national CSIRT)
- Classification thresholds differ (Commission Delegated Reg (EU) 2024/1772 vs NIS2 national transpositions)

If you treat them as two separate programmes, you duplicate work. If you treat them as one with a crosswalk, you don't.

## Tools

- `list_overlapping_obligations` — full crosswalk table with "satisfies-both-if" test
- `compare_reporting_clocks` — side-by-side incident reporting timeline
- `check_dual_compliance` — score your current controls against both regimes
- `sign_dual_compliance_attestation` — Pro/Enterprise: cryptographically signed dual-compliance cert

## Install

```bash
pip install dora-nis2-crosswalk-mcp
```

## Tiers

- **Free** — 10 queries/day, crosswalk + clocks
- **Pro £199/mo** — unlimited + dual-compliance gap scoring + signed attestations
- **Enterprise £1,499/mo** — multi-entity, gap-remediation export
- **£5,000 assessment** — 48h dual-compliance gap review + roadmap

## Related MEOK MCPs

- [`dora-compliance-mcp`](https://pypi.org/project/dora-compliance-mcp/) — DORA alone
- [`nis2-compliance-mcp`](https://pypi.org/project/nis2-compliance-mcp/) — NIS2 alone
- [`cra-compliance-mcp`](https://pypi.org/project/cra-compliance-mcp/) — EU CRA
- [`meok-attestation-verify`](https://pypi.org/project/meok-attestation-verify/) — verify signed certs

## Full Compliance Platform

Need more than crosswalk mapping? **[councilof.ai](https://councilof.ai)** provides the complete EU regulatory compliance stack — DORA, NIS2, EU AI Act, CRA, CSRD — from £29/mo.

→ **[Get started at councilof.ai](https://councilof.ai)**

> **If this tool helps your compliance workflow, please [star this repo](https://github.com/meok-ai-labs/dora-nis2-crosswalk-mcp/stargazers)** — it helps other teams find it.

## License

MIT — [MEOK AI Labs](https://meok.ai), 2026.

<!-- meok-faq-schema-v1 -->
<script type="application/ld+json">
{
  "@context": "https://schema.org",
  "@type": "FAQPage",
  "mainEntity": [
    {
      "@type": "Question",
      "name": "Is this MCP server free to use?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Yes. The free tier gives you 10 calls per day with no API key required. Pro tier is £79/mo for unlimited calls plus cryptographically signed attestations your auditor can verify independently."
      }
    },
    {
      "@type": "Question",
      "name": "How does the signed attestation work?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Every Pro tier audit produces a HMAC-SHA256 signed certificate with a unique ID and a public verify URL. Your auditor pastes the cert into https://meok-attestation-api.vercel.app/verify and gets an independent valid/invalid response. No contact with MEOK required."
      }
    },
    {
      "@type": "Question",
      "name": "Which MCP clients does this work with?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "All standard MCP clients: Claude Desktop, Claude Code, Cursor, VS Code with MCP extension, Windsurf, Cline, and any custom MCP-compatible agent. Install via npx meok-setup or pip install for the underlying Python package."
      }
    },
    {
      "@type": "Question",
      "name": "Can I install all MEOK governance MCPs at once?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Yes. Run npx meok-setup --pack governance to install all 10 governance MCPs and write the configs for Claude Desktop, Cursor, or Windsurf in one command."
      }
    },
    {
      "@type": "Question",
      "name": "Is the regulation text authoritative?",
      "acceptedAnswer": {
        "@type": "Answer",
        "text": "Yes. MEOK syncs daily from the EUR-Lex Cellar SPARQL endpoint, the canonical EU regulation publication system. The text is verbatim with no LLM summarization. Every quote is auditor-defensible and includes the exact article number plus relevance score."
      }
    }
  ]
}
</script>

<!-- mcp-name: io.github.CSOAI-ORG/dora-nis2-crosswalk-mcp -->
