Is Dora Compliance free?

Yes, Dora Compliance is free to use.

How do I install Dora Compliance?

Dora Compliance is a local plugin. Install it using PyPI package: dora-compliance-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What AI apps work with Dora Compliance?

Dora Compliance uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Dora Compliance MCP Server

by CSOAI ORG

SecurityUse Caution3.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

DORA (EU Digital Operational Resilience Act) compliance for AI agents. 5-pillar audit, incid...

About

DORA (EU Digital Operational Resilience Act) compliance for AI agents. 5-pillar audit, incid...

Security Report

3.2

Use Caution3.2High Risk

The DORA compliance MCP server is a legitimate domain-specific tool with appropriate authentication and rate limiting, but several security concerns lower the score. The auth fallback mechanism is fragile (relies on a hardcoded environment variable comparison when the shared auth module is unavailable), and there is heavy reliance on simplistic keyword matching for compliance assessment without input validation or sanitization. Permission scope is appropriate for the stated purpose (HTTP API calls, environment variables for credentials, no filesystem write access), and dependencies are minimal and legitimate. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.

3 files analyzed · 11 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-csoai-org-dora-compliance-mcp": {
      "args": [
        "dora-compliance-mcp"
      ],
      "command": "uvx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

DORA Compliance MCP

Automate DORA (Digital Operational Resilience Act) compliance for EU financial entities.

Regulation (EU) 2022/2554 — enforcement live since 17 January 2025. Penalties: up to 1% of average daily worldwide turnover for CTPPs.

Install · Tools · Pricing · Attestation API

Why This Exists

DORA has been enforceable since January 2025. Every EU bank, insurer, investment firm, and their critical ICT providers must demonstrate operational resilience across 5 pillars. The regulation requires ICT risk management frameworks, incident reporting within 4 hours, threat-led penetration testing (TLPT), and third-party risk registers.

Traditional DORA compliance involves hiring consultancies at €800-1,500/day for 6-12 months. This MCP automates the 5-pillar assessment, generates Article 28 register entries, runs TLPT planning checklists, and produces incident classification templates — all from a single Claude prompt.

Install

pip install dora-compliance-mcp

Tools

Tool	DORA Pillar	What it does
`assess_ict_risk`	Pillar 1	ICT risk management framework assessment
`classify_incident`	Pillar 2	Incident classification per Article 18 criteria
`plan_tlpt`	Pillar 3	Threat-led penetration testing planning
`assess_third_party`	Pillar 4	Article 28 ICT third-party risk register
`check_information_sharing`	Pillar 5	Information sharing arrangement audit
`run_full_audit`	All 5	Complete 5-pillar DORA readiness assessment
`sign_attestation`	—	HMAC-SHA256 signed compliance certificate

Example

Prompt: "Our bank uses 3 cloud providers and 2 SaaS fintech tools.
Run a full DORA 5-pillar assessment. Flag any ICT concentration risk
and generate the Article 28 register entries."

Result: 5-pillar assessment with ICT concentration risk flagged on
cloud provider dependency, Article 28 register entries for all 5
third parties, incident reporting template, TLPT scope recommendation.
Each section signed with attestation cert.

Pricing

Tier	Price	What you get
Free	£0	10 calls/day — risk assessment + incident classification
Pro	£199/mo	Unlimited + HMAC-signed attestations + verify URLs
Enterprise	£1,499/mo	Multi-tenant + co-branded reports + webhooks

Subscribe to Pro · Enterprise

Attestation API

POST https://meok-attestation-api.vercel.app/sign
GET  https://meok-attestation-api.vercel.app/verify/{cert_id}

Zero-dep verifier: pip install meok-attestation-verify

License

MIT

Reviews

No reviews yet

Be the first to review this server!

More Security MCP Servers

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

Dora Compliance MCP Server

About

Security Report

Findings (11)Action required

Permissions Required

How to Install

Documentation

DORA Compliance MCP

Why This Exists

Install

Tools

Example

Pricing

Attestation API

Links

License

Reviews

No reviews yet

More Security MCP Servers

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

Google Workspace MCP

FinAgent