RegTech · DORA Compliance · EU Financial Services

Your DORA Register of Information, automated and audit-ready.

Dokimos automates ICT third-party risk management under DORA — from Article 30 contract gap analysis to the EBA-format Register of Information. Built for compliance teams who need to be ready for the supervisor, not just the next audit.

Book a demo How it works
Built for regulated entities under DORA:
Credit Institutions Payment Service Providers Investment Firms Crypto-Asset Service Providers

Product preview

Coming soon — book a demo to see a live walk-through of the contract gap analysis and Register generation.

DORA Solution

Built around the hardest part of DORA.

ICT third-party risk is where most DORA programmes are bleeding time and money. We start there.

Contract Gap Analysis

Upload existing ICT service contracts. We extract the clauses, map them against DORA Article 30 mandatory provisions, and produce a remediation report — what's present, what's missing, what needs renegotiation.

Register of Information

Generate and maintain your Register in the EBA's mandated ITS format. Automatically updated as contracts and providers change. Always supervisor-ready.

Provider Classification

AI-assisted classification of ICT third parties by criticality, with explainable reasoning. Your compliance team reviews and approves — we do the heavy lifting.

Continuous Change Monitoring

When the EBA, ESMA, or your national competent authority updates guidance, we tell you exactly what changed and which of your providers are affected.

Platform

How Dokimos works.

Five capabilities that turn DORA Articles 28–30 from a 6-month spreadsheet exercise into a live, supervisor-ready system.

  • Article-level mapping against DORA Articles 28–30 and the relevant RTS and ITS.
  • Contract ingestion and clause extraction from your existing ICT third-party contracts.
  • EBA-format Register of Information generation and maintenance.
  • Provider criticality classification with full explainability and audit trail.
  • Continuous regulatory change monitoring across EBA, ESMA, EIOPA, and national competent authorities.

Register of Information

Build your complete Register of Information from your existing contract portfolio. Most firms get to a supervisor-ready first draft within their first week on Dokimos.

Why Dokimos

Built by people who know regulation, not just software.

Regulation-Native Design

Every workflow, field, and report maps directly to DORA articles and RTS requirements — no translation layer between your team and the regulation.

Built for the Wedge, Not the Brochure

We don't pretend to solve all of DORA on day one. We solve the third-party risk and Register of Information problem better than anyone, and expand from there with our customers.

Secure & Sovereign

EU-hosted infrastructure, end-to-end encryption, and private deployment options for institutions with data residency and supervisory notification obligations.

Roadmap

What's next.

We're shipping ICT Third-Party Risk and the Register of Information today. Here's the order we expand from there.

Live

ICT Third-Party Risk + Register of Information

Article 28–30 coverage, contract gap analysis, Register generation, provider classification, change monitoring.

Next

DORA Incident Reporting

Article 17–23 coverage. Incident classification against DORA thresholds, regulator-ready reporting, deadline tracking.

Then

Full DORA Coverage

Operational resilience testing, ICT logs and monitoring, and the broader ICT risk framework.

Talk to us about your Register of Information

Book a 30-minute call. We'll walk through your current third-party risk programme, show you a live contract gap analysis, and tell you honestly whether Dokimos is the right fit for where you are.