DORA Reporting in Italy: Banca d'Italia, CONSOB and IVASS Guide
Italy DORA supervision across Banca d'Italia, CONSOB and IVASS: scope by entity type, INFOSTAT reporting, ICT incident evidence and 2026 evidence checklist.
CyAdviso Insights
Field notes from running DORA programmes at EU-licensed institutions. No fluff. 35 posts.
Italy DORA supervision across Banca d'Italia, CONSOB and IVASS: scope by entity type, INFOSTAT reporting, ICT incident evidence and 2026 evidence checklist.
Anonymised DORA case study for an EU-licensed EMI: gap analysis, ICT risk framework, incident workflow, supplier evidence and board-ready remediation plan.
France DORA supervision is split between ACPR and AMF. Scope by entity type, ICT incident reporting channels, Register of Information and evidence checklist.
DORA TLPT guide for 2026: who is in scope, how Article 26 works, what evidence to keep and how EU-licensed financial entities should prepare without overclaim.
Practical 2026 guide to DORA Articles 11 and 12 BCDR: ICT continuity policy, backup, restoration, RTO and RPO, testing, suppliers and supervisory evidence.
DORA vs MiCA for EU fintechs and CASPs in 2026: scope, authorisation, ICT risk, incident reporting, TLPT and operational resilience obligations explained today.
DORA incident reporting in 2026: 4h after classification, 24h detection ceiling, 72h intermediate report, 1-month final report and a full evidence workflow.
BaFin — Germany's DORA competent authority for credit institutions, payment firms, EMIs, investment firms, insurers and CASPs: scope, ICT reporting, evidence.
Netherlands DORA supervision splits between De Nederlandsche Bank (DNB) and the Authority for the Financial Markets (AFM): scope, ICT reporting and evidence.
Practical 2026 DORA compliance guide for European fintech SMBs: scope, evidence, incidents, ICT third-party risk, board oversight and remediation roadmap step.
CSSF — Luxembourg's DORA competent authority for banks, investment firms, payment firms / EMIs, fund managers and CASPs: scope, ICT reporting and evidence pack.
Central Bank of Ireland — DORA competent authority for credit institutions, EMIs, PIs, investment firms, insurers and CASPs: scope, ICT reporting and evidence.
DORA vs PSD2/PSD3 for EU payment institutions and EMIs in 2026: operational resilience, payment security, incident reporting, SCA, fraud and third-party ICT.
MFSA — Malta's DORA competent authority for credit institutions, EMIs, PIs, investment firms, insurers and CASPs: scope, ICT reporting and evidence pack today.
Cyprus splits DORA supervision between Central Bank of Cyprus, CySEC and the Superintendent of Insurance: scope by entity type, ICT reporting and evidence pack.
Finantsinspektsioon as the DORA competent authority in Estonia: scope, ICT incident reporting framing, Register of Information and a 2026 evidence checklist.
Finanstilsynet — Denmark's DORA competent authority for banks, payment firms, investment firms and insurers: scope, ICT incident reporting and evidence today.
Finansinspektionen — Sweden's DORA competent authority for credit institutions, payment firms, investment firms and CASPs: scope, ICT reporting and evidence.
Latvijas Banka as the consolidated DORA competent authority for Latvia: scope, ICT incident framing, Register of Information and 2026 evidence checklist today.
DORA board responsibilities for 2026: management-body duties, ICT risk oversight, approvals, reporting cadence and a supervisory-ready evidence checklist today.
Lietuvos bankas as the DORA competent authority for fintechs in Lithuania: who is in scope, ICT incident reporting framing, evidence checklist and 2026 sources.
DORA vs NIS2 in 2026: scope, lex specialis, incident reporting, ICT risk, third-party oversight and what EU-licensed financial entities should document today.
DORA proportionality principle in 2026: how smaller EU financial entities scale ICT risk, testing, third-party controls and produce supervisory-ready evidence.
DORA vs PCI DSS 4.0.1 for EU fintechs in 2026: scope, enforcement, incident reporting, cardholder data, ICT risk and a build-once evidence approach.
Seven practical DORA compliance mistakes that still create supervisory risk in 2026: weak ownership, stale evidence, incident gaps and third-party blind spots.
Cyber Resilience Act vs DORA in 2026: how product cybersecurity, financial operational resilience, vulnerability reporting and ICT vendor duties fit together.
Practical 2026 guide to DORA requirements: ICT risk, incident reporting, resilience testing, third-party risk, Register of Information and board-ready evidence.
DORA Register of Information guide for 2026: required data fields, ICT third-party mapping, critical functions, validation controls and submission readiness.
DORA compliance checklist for 2026: scope, ICT risk framework, incident reporting, resilience testing, third-party risk, evidence and governance management.
DORA ICT risk register template for 2026: required fields, risk scoring, control mapping, ownership, third-party dependencies and board-ready audit evidence.
What a virtual CISO delivers in 2026 for EU fintechs and SaaS scaleups: governance, ICT risk, incident readiness, supplier oversight and board evidence today.
vCISO pricing in 2026 for EU fintechs and SaaS scaleups: retainers, 90-day programmes, scope drivers, proposal comparison and budget-friendly guardrails today.
Hiring a virtual CISO in 2026: how EU-licensed fintechs define scope, compare providers, avoid weak retainers and structure a 90-day evidence-driven roadmap.
Everything an EU fintech leader should know about a virtual CISO in 2026: scope, evidence, DORA, board reporting, incident readiness and buying criteria today.
How EBA/GL/2019/04 fits with DORA in 2026: narrowed scope, audit use, ICT risk evidence, governance, outsourcing and payment-services security obligations.