Skip to content

Resource library

Practical artefacts for turning regulation into an operating model — controls, documents, ownership, evidence. Organized as a tree: pick the area you work in, then drill into the branch you need. The current branches cover EU digital regulation (that's where my desk is), with cross-mappings for teams juggling more than one framework — and more branches as the library grows.

The tree

  • DORA — digital operational resilience for financial entities. The most developed branch — this is where the library started.
  • NIS2 — cybersecurity for essential and important entities.
  • EU AI Act — risk-based rules for AI systems.
  • GDPR — data protection as an operating discipline.
  • Cross-regulation mappings — where the obligations overlap, and how to satisfy several with one control set.
  • The toolshop — skills and small automations that make the work easier.
  • Worked examples — finished artefacts, end to end, so you can see the standard before building your own.

What kind of artefacts live here

Every resource falls into one of a few types, and each page tells you which:

Type What it gives you
Checklist Step-by-step readiness or review list you can run against your own organization
Document inventory The policies, registers and procedures a regulation expects to exist, with ownership suggestions
Control mapping Regulation articles mapped to concrete controls (and to common frameworks where useful)
Responsibility matrix Who owns what — management body, second line, IT, procurement, vendors
Evidence examples What "proof this works" looks like for an auditor or supervisor

Sources

All artefacts are built from public and official sources — EUR-Lex texts, European Supervisory Authority publications, ENISA and EDPB guidance — plus original templates. No internal or proprietary material from any employer — ever.