dora-nis2-crosswalk-mcp 1.0.3

DORA × NIS2 Crosswalk MCP — map Regulation (EU) 2022/2554 obligations to Directive (EU) 2022/2555 Article 21-23 measures, and vice versa. For EU banks, insurers, payment institutions, crypto-asset service providers, and their CTPPs (critical ICT third-party providers). Dual-compliance scoring + HMAC-signed attestations. By MEOK AI Labs.

DORA × NIS2 Crosswalk MCP

Buy Starter — £29/mo

Signed attestations + unlimited audits + email support. 👉 Subscribe at meok.ai — instant HMAC signing key + Stripe-managed billing.

Free tier remains MIT-licensed and zero-config. Upgrade only when you need signed compliance artefacts for audit.

Map Regulation (EU) 2022/2554 (DORA) obligations to Directive (EU) 2022/2555 (NIS2) Article 21-23 measures — so EU banks, insurers, payment institutions, crypto-asset service providers, and their CTPPs can prove dual compliance without re-auditing the same controls twice.

By MEOK AI Labs.

Why this exists

Most EU financial entities are in scope for both DORA and NIS2. The obligations overlap ~65% but:

• Reporting clocks differ (DORA: 4h/72h/1mo — NIS2: 24h/72h/1mo + 3mo progress)
• Competent authorities differ (DORA: national FSA — NIS2: national CSIRT)
• Classification thresholds differ (Commission Delegated Reg (EU) 2024/1772 vs NIS2 national transpositions)

If you treat them as two separate programmes, you duplicate work. If you treat them as one with a crosswalk, you don't.

Tools

• list_overlapping_obligations — full crosswalk table with "satisfies-both-if" test
• compare_reporting_clocks — side-by-side incident reporting timeline
• check_dual_compliance — score your current controls against both regimes
• sign_dual_compliance_attestation — Pro/Enterprise: cryptographically signed dual-compliance cert

Install

pip install dora-nis2-crosswalk-mcp

Tiers

• Free — 10 queries/day, crosswalk + clocks
• Pro £199/mo — unlimited + dual-compliance gap scoring + signed attestations
• Enterprise £1,499/mo — multi-entity, gap-remediation export
• £5,000 assessment — 48h dual-compliance gap review + roadmap

Related MEOK MCPs

• dora-compliance-mcp — DORA alone
• nis2-compliance-mcp — NIS2 alone
• cra-compliance-mcp — EU CRA
• meok-attestation-verify — verify signed certs

Full Compliance Platform

Need more than crosswalk mapping? councilof.ai provides the complete EU regulatory compliance stack — DORA, NIS2, EU AI Act, CRA, CSRD — from £29/mo.

→ Get started at councilof.ai

If this tool helps your compliance workflow, please star this repo — it helps other teams find it.

License

MIT — MEOK AI Labs, 2026.

<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [ { "@type": "Question", "name": "Is this MCP server free to use?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. The free tier gives you 10 calls per day with no API key required. Pro tier is £79/mo for unlimited calls plus cryptographically signed attestations your auditor can verify independently." } }, { "@type": "Question", "name": "How does the signed attestation work?", "acceptedAnswer": { "@type": "Answer", "text": "Every Pro tier audit produces a HMAC-SHA256 signed certificate with a unique ID and a public verify URL. Your auditor pastes the cert into https://meok-attestation-api.vercel.app/verify and gets an independent valid/invalid response. No contact with MEOK required." } }, { "@type": "Question", "name": "Which MCP clients does this work with?", "acceptedAnswer": { "@type": "Answer", "text": "All standard MCP clients: Claude Desktop, Claude Code, Cursor, VS Code with MCP extension, Windsurf, Cline, and any custom MCP-compatible agent. Install via npx meok-setup or pip install for the underlying Python package." } }, { "@type": "Question", "name": "Can I install all MEOK governance MCPs at once?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. Run npx meok-setup --pack governance to install all 10 governance MCPs and write the configs for Claude Desktop, Cursor, or Windsurf in one command." } }, { "@type": "Question", "name": "Is the regulation text authoritative?", "acceptedAnswer": { "@type": "Answer", "text": "Yes. MEOK syncs daily from the EUR-Lex Cellar SPARQL endpoint, the canonical EU regulation publication system. The text is verbatim with no LLM summarization. Every quote is auditor-defensible and includes the exact article number plus relevance score." } } ] } </script>