Regulation archetype
EU fintech or software supplier to financial customers
EU fintech software suppliers should expect GDPR, ISO 27001, SOC 2, DORA-driven due diligence, and vendor risk evidence. Direct DORA duties depend on role and customer relationship, but financial-sector buyers often push DORA expectations into supplier reviews.
Company profile
- A software company selling to banks, payment institutions, insurers, investment firms, crypto-asset service providers, or regulated fintechs.
Likely planning items
- GDPR
- ISO 27001
- SOC 2
- DORA due diligence
Possible additional pressure
- PSD2
- MiCA
- NIS2
- PCI DSS
Next steps
1. Identify financial customers and critical ICT dependencies.
2. Prepare evidence for incident handling, continuity, access control, and vendor oversight.
3. Create a financial-sector readiness brief before enterprise procurement asks for it.
This page is a practical planning guide, not legal or audit advice. Use it to scope questions before confirming obligations with legal, audit, or regulatory specialists.