Skip to content

Cross-regulation mappings

Most organizations don't face one EU digital regulation — they face several at once. The expensive mistake is building a separate compliance silo for each. These mappings show where obligations overlap so one control, one document or one process can serve multiple regulations.

Planned mappings

Mapping The practical question it answers
DORA × NIS2 A financial entity is largely carved out of NIS2 where DORA applies — but group entities and suppliers may not be. Who follows which rulebook?
DORA × AI Act AI systems inside a financial entity: which incident, risk and third-party obligations stack?
AI Act × GDPR Training data, automated decision-making, DPIAs vs. FRIAs — where one assessment can feed the other
Incident reporting across all four One incident, multiple clocks: a single reference for what must be reported to whom, and when
Third-party / supply-chain obligations DORA Art. 28–30, NIS2 Art. 21(2)(d), GDPR Art. 28 — one vendor-management process to satisfy all three

Under construction

Mappings ship once their underlying single-regulation artefacts exist. Announcements on the blog.