Downloads
All documents, factsheets, and guides in one place. We provide you with the materials you need for your decision, your auditor, or your internal case.
Original legal texts
The official English versions of the EU laws that shape OTTRIA's work — for your own reading and as reference.
- Cyber Resilience Act (CRA) — Regulation (EU) 2024/2847
- Digital Operational Resilience Act (DORA) — Regulation (EU) 2022/2554
- NIS2 Directive — Directive (EU) 2022/2555
- NIS2 Implementation Act (NIS2UmsuCG) — German transposition
- Product Liability Directive — Directive (EU) 2024/2853
- General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679
Standards
Factsheets on EU laws
DORA factsheet
Compact overview of DORA obligations for financial institutions: who is affected, what the law requires, what consequences are at stake, and how OTTRIA helps. With article references and concrete mapping of DORA obligations to OTTRIA services.
Download DORA factsheet (PDF, available)
NIS2 factsheet
The NIS2 Directive affects 18 sectors — from energy to healthcare to digital infrastructure. The factsheet explains the central obligations under Art. 21, the supply chain requirements, and the consequences of non-compliance. With focus on the German transposition (NIS2UmsuCG).
Download NIS2 factsheet (PDF, in preparation)
CRA factsheet
The Cyber Resilience Act brings CE marking for software, a 5-year security obligation, and 24-hour reporting deadlines. The factsheet summarises what software manufacturers need to know, including the new steward role for open source projects and the transition periods.
Download CRA factsheet (PDF, in preparation)
Product Liability factsheet
The new EU Product Liability Directive makes software a product and data loss a ground for liability. This factsheet explains the extended grounds for liability, the removal of the cap on damages, and what this means for companies with open source components.
Download Product Liability factsheet (PDF, in preparation)
GDPR factsheet
The GDPR requires "state of the art", permanent availability, and demonstrable due diligence. The factsheet explains why Art. 25 and Art. 32 are practically unachievable without maintained open source governance, how Art. 83(2)(d) expressly considers documented TOMs as a mitigating factor in fine assessment, and what evidence you need in proceedings before a supervisory authority.
Download GDPR factsheet (PDF, in preparation)
Market comparison — OTTRIA vs. SCA, catalogue support, and enterprise support
A factual comparison: what do SCA tools provide, what do catalogue providers like HeroDevs or TuxCare offer, what does enterprise support cover — and where does OTTRIA fit in? The comparison examines coverage, measures, upstream work, compliance documentation, and abandonment protection.
Download market comparison (PDF, in preparation)
Checklists and guides
Due diligence checklist
11 review areas with concrete questions you should ask every provider of open source governance, from coverage and responsiveness to edge cases and a reality check with three test questions. Includes red flags to watch for.
Download due diligence checklist (PDF, in preparation)
Auditor guide
Template narrative for auditors: how can an engagement with OTTRIA be documented within a DORA or NIS2 audit? What evidence does OTTRIA deliver, and what evidence does the client add? With mapping to the relevant legal articles (Art. 25 and 28 DORA, Art. 21 NIS2, Annex I CRA).
Download auditor guide (PDF, in preparation)
Sample report
Example of an audit-ready OTTRIA report as you would receive it during the collaboration. Contains: risk documentation per component, remediation history with timestamps, legal references, and an SBOM excerpt with maintenance status. Anonymised but complete in structure and level of detail.
Download sample report (PDF, in preparation)
Notes
All documents are available to you free of charge. If you urgently need a document or would like to preview it, contact us directly.
Missing a document? Tell us what you need — we will create it.
TODO: Documents still to be created
- [ ] NIS2 factsheet (PDF)
- [ ] CRA factsheet (PDF)
- [ ] Product Liability factsheet (PDF)
- [ ] GDPR factsheet (PDF)
- [ ] Market comparison — OTTRIA vs. SCA, catalogue support, and enterprise support (PDF)
- [ ] Due diligence checklist (PDF)
- [ ] Auditor guide (PDF)
- [ ] Sample report (PDF)