DORA's data dimensions, on your real catalog
DORA requires EU financial entities to manage digital operational risk, third-party risk and information traceability from January 2025. Linedat delivers those data dimensions with tamper-proof evidence.
Binding EU law
What DORA requires (and what Linedat covers)
DORA
DORA (Digital Operational Resilience Act) is the EU regulation that requires financial entities — and their critical ICT providers — to manage technology risk, report incidents, test resilience and control third-party risk. It has been binding law since 17 January 2025.
To be honest about scope: Linedat is not an end-to-end operational resilience platform — it does not run resilience tests or submit the incident report to the authority on your behalf — and its provider register covers AI/LLM third parties, not the full ICT provider register of Art. 30 of DORA. What it does deliver are the DATA dimensions of DORA: traceability of information assets, the AI provider register, the data risk register and tamper-proof evidence.
DORA dimensions covered by Linedat
Linedat covers the data and third-party dimensions of DORA — not end-to-end technical resilience.
Data risk management
Risk register with a 5x5 matrix and effectiveness verification, over the catalogued information assets (data risk, not the full ICT/resilience risk framework of DORA).
AI third-party risk
AI provider register with contractual documentation (DPA, SCCs, jurisdiction) and versioning. Covers the AI/LLM third-party flank, not the full ICT provider register of Art. 30 of DORA.
Information asset traceability
Temporal lineage reconstructible to any date, with a hash chain proving the history has not been altered.
Evidence and access control
Verifiable audit chain, three-tier RBAC with separation of duties and committees with traceable evidence.
How Linedat covers it
Linedat covers the data and third-party dimensions of DORA — not end-to-end technical resilience.
Data Risk with 5×5 Matrix and Effectiveness Verification
A data risk is not closed by saying "already mitigated": it is closed with proven effectiveness.
View capability →AI GovernanceAI Providers with DPA, SCCs and TIA
Using OpenAI without a DPA is an international transfer with no legal basis.
View capability →Catalog, quality & lineageTemporal and Verifiable Lineage (Point-in-Time)
We know what the lineage looked like on the fiscal year-end — and we can prove nobody touched it.
View capability →Trust & evidenceAudit Chain: Verifiable Cryptographic Integrity
Other catalogues store logs. Linedat stores proof — verify it with a button.
View capability →Data governanceData Contracts with Automatic Violation Detection
Without a contract, every schema change is Russian roulette with someone else's data.
View capability →Trust & evidence3-Level RBAC with Separation of Duties
The person who operates the data is not the person who governs it. By design.
View capability →Data governanceGovernance Committees with Traceable Evidence
The committee does not decide in a Word document: it decides with evidence linked to the data.
View capability →FAQ
Respuestas sobre implementación y capacidades
Related standards
Bring compliance to your own data
Connect your sources and see it in your environment. Free to start.
