Resource library¶
Practical artefacts for turning regulation into an operating model — controls, documents, ownership, evidence. Organized as a tree: pick the area you work in, then drill into the branch you need. The current branches cover EU digital regulation (that's where my desk is), with cross-mappings for teams juggling more than one framework — and more branches as the library grows.
The tree¶
- DORA — digital operational resilience for financial entities. The most developed branch — this is where the library started.
- NIS2 — cybersecurity for essential and important entities.
- EU AI Act — risk-based rules for AI systems.
- GDPR — data protection as an operating discipline.
- Cross-regulation mappings — where the obligations overlap, and how to satisfy several with one control set.
- The toolshop — skills and small automations that make the work easier.
- Worked examples — finished artefacts, end to end, so you can see the standard before building your own.
What kind of artefacts live here¶
Every resource falls into one of a few types, and each page tells you which:
| Type | What it gives you |
|---|---|
| Checklist | Step-by-step readiness or review list you can run against your own organization |
| Document inventory | The policies, registers and procedures a regulation expects to exist, with ownership suggestions |
| Control mapping | Regulation articles mapped to concrete controls (and to common frameworks where useful) |
| Responsibility matrix | Who owns what — management body, second line, IT, procurement, vendors |
| Evidence examples | What "proof this works" looks like for an auditor or supervisor |
Sources
All artefacts are built from public and official sources — EUR-Lex texts, European Supervisory Authority publications, ENISA and EDPB guidance — plus original templates. No internal or proprietary material from any employer — ever.