Demo
Free attack scan · then autonomous pentesting Try the free scan →
Save the date 45 minutes · Online · Free

DORA Year One —
what 12 months of TLPT enforcement revealed

A 45-minute briefing on Article 26 threat-led penetration testing: who tested what, where regulators pushed back, and what the next-year scope looks like for EU financial entities.

When
TBD Q3 2026
Date locks 4 weeks ahead. Subscribe for notice.
Format
Online live
Recorded — replay for subscribers
Who is it for
CISOs, DORA compliance leads, vCISOs and security consultants serving EU financial entities.
Save my seat → Read the DORA primer first

Agenda — 45 minutes

00:00
Article 26 — what year one actually required
Threat-led penetration testing scope, frequency, attestation: what supervisory authorities asked for vs. what the directive says.
12:00
Common findings — top 5 categories
Aggregated patterns from SQUR's engagements + public RTS-on-TLPT analysis. What financial entities reliably failed on.
22:00
Evidence chain — what auditors accepted
Report format, retest cadence, third-party-supplier attribution. How auditors decided "appropriate and proportionate."
32:00
2027 scope expansion
The implementing technical standards in the pipeline. What scope changes are likely. How early adopters position now.
40:00
Live Q&A
5 minutes of audience questions, answered live or queued for the follow-up briefing.

Why SQUR is running this

SQUR delivers autonomous pentests to EU financial entities under DORA scope — €1,995 fixed price, 24-hour turnaround, EU data residency. We see the pattern across engagements: the gap between what Article 26 says and what supervisory authorities accept as evidence.

This briefing is a one-off synthesis of that pattern, not a sales pitch. No demo. No CTA at the end. The slides ship as a PDF afterwards.

Quarterly EU compliance briefings

DORA Year One is the first in a quarterly briefing series for EU compliance leads. Upcoming:

  • NIS2 Article 21 — the Evidence Package question
    Q4 2026. How national CSIRTs are evaluating "appropriate and proportionate measures" submissions.
  • EU AI Act red-teaming requirements
    Q1 2027. High-risk AI system testing scope under Article 15 + 55.
  • ISO 27001 + DORA — control-mapping gaps
    Q2 2027. Where your ISO 27001 evidence chain breaks down under DORA scrutiny.